Share via

Block removeable usb storage via Intune

N-M 191 Reputation points
Jan 9, 2023, 7:54 PM

Hello,

I searched a lot and find a policy here Endpoint security >> Attack surface reduction>> device control.

Previously there was a option to block usb storage like follwoing picture. Unfortunately, there isn't this option anymore.
277582-1.jpg

So, how can I block just removeable usb storage?
There are some options but each of them has a specific problem.
for example:
Prevent installation of removeable devices:
This option will allow laptop to recognize usb storage that has connected before to the laptop. It just prevent new usb storage to connect.
277557-2.jpg

It would be great if you could help me in this regard
Thank you@

Microsoft Intune
Microsoft Intune
A Microsoft cloud-based management solution that offers mobile device management, mobile application management, and PC management capabilities.
5,251 questions
{count} votes

Accepted answer
  1. Jordan Millama 1,366 Reputation points
    Jan 9, 2023, 9:56 PM

    It appears the way this is accomplished has changed.

    1. In Endpoint Manager go to Endpoint security > Attack surface reduction > Create Policy
    2. Platform: Windows 10 and later, Profile: Device control, then Create
    3. Give it a name and description
    4. Scroll down and locate the Storage section and enable Removable Disk Deny Write Access
    5. Use Scope tags or assign to required groups/users

    277622-image.png


    Please accept as an answer if this was helpful.

    3 people found this answer helpful.

8 additional answers

Sort by: Most helpful
  1. Simon Auty 11 Reputation points
    May 19, 2023, 2:44 AM

    Hi

    I've tried these settings but can still access USB storage devices.

    2 people found this answer helpful.

  2. Serge THEZENAS 10 Reputation points
    Jun 28, 2023, 9:55 AM

    Bonjour,
    Pour ma part j'utilise ceci pour bloquer les clés USB.
    et des stratégies pour en autoriser certaines pour la financeBlocage USB

    Profil Config USB

    2 people found this answer helpful.
    0 comments No comments

  3. 46614262 5 Reputation points
    Jun 21, 2023, 12:31 AM

    I tried the same and USB devices are accessible only write access from the device to the USB is blocked

    1 person found this answer helpful.
    0 comments No comments

  4. Qais Baghdady 0 Reputation points
    Sep 16, 2023, 11:17 AM

    I'm dealing with the same issue. If you know how to block USB storage devices using Intune, please inform me. We have a Microsoft Business Premium license.

    Thank you in advance

    Qais

    0 comments No comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.