Control USB Devices using Defender for Endpoint and Intune (Device Control)

Do you need to design a Device Control Policy to block all but a few select USBs from being written to or read from? If that is you, this is the video to help!

I recently needed to create a policy to manage USBs. We wanted to block people from writing to USBs unless the devices were in our approved list. In this video, I’ll show you how to build out USB device controls using Intune and Defender for Endpoint.

We’ll start by discussing the need for such policies and then dive into the step-by-step process of designing and implementing them. You’ll learn how to:

– Create policies to control which USB devices can be plugged in and used in your environment.
– Block the ability to write to any USB devices except for those on your approved list.
– Configure policies to deny removable storage devices, CD-ROMs, and other specific device types.
– Use reusable device settings to streamline policy creation and management.

By the end of this video, you’ll have a comprehensive understanding of how to manage USB device access in your organization, ensuring that only approved devices can be used. If you find this video helpful, please let me know in the comments!

Let’s hop into it and design some USB device control policies!

K Q L
DeviceEvents
| extend parsed=parse_json(AdditionalFields)
| extend MediaClass = tostring(parsed.ClassName)
| extend MediaDeviceId = tostring(parsed.DeviceId)
| extend MediaDescription = tostring(parsed.DeviceDescription)
| extend MediaSerialNumber = tostring(parsed.SerialNumber)
| extend DeviceInstanceId = tostring(parsed.DeviceInstanceId)
| extend DriverName = tostring(parsed.DriverName)
| extend ClassGUID = tostring(parsed.ClassGuid)
| where ActionType contains "PnPDeviceBlocked"
| project Timestamp, ActionType, DeviceInstanceId, DriverName, ClassGUID
| order by Timestamp desc

L I N K S
https://learn.microsoft.com/en-us/defender-endpoint/device-control-overview
https://learn.microsoft.com/en-us/defender-endpoint/device-control-deploy-manage-intune#defining-settings-with-oma-uri