Whitelist USB via Device Control

Question

Hello everyone,

 I aim to block all USB removable storage, from intune, and allow access to some via a Whitelist. 

To do this, I followed the procedure provided by Microsoft (https:/ /learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/deploy-manage-removable-storage-intune?view=o365-worldwide) through the UI.

The blocking message goes up well on the unauthorized keys, and the log goes up well in Defender365. 

On the other hand, for the whitelisted keys, I have no message, but these are not accessible even if they appear in the explorer (I see the drive letter but not the size or the name.

And clicking on it, nothing happens.) I tried to modify the access rights but nothing helps. 

idea? Thanks :)

Answer 1

@Gaël Potin, Thanks for posting in Q&A. From your description, it seems we want to block all USB removable storage but allow access to some. But the allow is not working to entering the USB in the white list. Could you get let us know how did we configure the policies? Did we configure the one as the same as in scenario 1? Was the policy deployed successfully in Intune portal?

https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/deploy-manage-removable-storage-intune?view=o365-worldwide#scenario-1-prevent-write-and-execute-access-to-all-but-allow-specific-approved-usbs-1

If there's any update, feel free to let us know.

---

If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".

Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.