We are currently running Windows 365 Enterprise with the Windows 365 Security Baseline (preview) November 2021 version in MEM and when we try to use USB attached scanners, we are unable to connect to them from our Cloud PC's (Windows 10 or Windows11). 

At this point we're not  doing any USB setting configs via GPO. I'm wondering if a GPO is needed or if there are settings in the security baseline that need to be adjusted. Right now I have set the Device Installation -> "Block hardware device installation by setup class" setting to No (just set that this morning so there may be a delay with propagation) and the DMA Guard -> "Enumeration of external devices incompatible with Kernel DMA Protection" option set to Block All. Not sure what DMA protection is, but see that the option is "On" on my laptop and "Off" on my Cloud PC.

Thanks in advance for any pointers!