Block removeable usb storage via Intune

Question

Hello,

I searched a lot and find a policy here Endpoint security >> Attack surface reduction>> device control.

Previously there was a option to block usb storage like follwoing picture. Unfortunately, there isn't this option anymore.

So, how can I block just removeable usb storage?
There are some options but each of them has a specific problem.
for example:
Prevent installation of removeable devices:
This option will allow laptop to recognize usb storage that has connected before to the laptop. It just prevent new usb storage to connect.

It would be great if you could help me in this regard
Thank you@

Accepted Answer

It appears the way this is accomplished has changed.

In Endpoint Manager go to Endpoint security > Attack surface reduction > Create Policy
Platform: Windows 10 and later, Profile: Device control, then Create
Give it a name and description
Scroll down and locate the Storage section and enable Removable Disk Deny Write Access
Use Scope tags or assign to required groups/users

Please accept as an answer if this was helpful.

Answer

Try this solution, for me worked well for selected users

Devices -> Configuration profiles -> Create profile -> Settings catalog -> Removable Storage Access

bloqueio-storage-usb

If not work reboot the machine

Answer

You should check Endpoint Security > Security Baselines > Microsoft Defender for Endpoint Baseline.

Here you can configure removable drive restrictions

Answer

That's correct. You an use an ASR policy in Intune to block USB drives access - https://www.prajwaldesai.com/block-usb-drives-using-intune/

Answer

Simplest path I have found to the setting:

Give your policy a name and description and click the next button

Expand General and block Removable storage.

Finish configuring your policy with assignments and scope tags (if using them) and test

User's image

Share via

Block removeable usb storage via Intune

8 additional answers

Your answer