This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(310.4, 8%, 40%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ER%3C/text%3E%3C/svg%3E)
I am trying to disable USB ports on certain systems via USB device control. However, I can't seem to find a clear way to do this (I'm not too sure what the prerequisites are)? For example, in this article (https://thewindowsupdate.com/2021/12/16/block-usb-in-microsoft-defender-for-endpoint-and-intune/) it appears that you have to 1.) Have the Defender for Endpoint agent installed and 2.) You have to have your system managed via Intune. My question is, what if you had the Defender agent installed but you used SCCM or have co-managed systems?
Hi,
Thanks for posting in Microsoft MECM Q&A forum.
Per my experience, we can use Group Policy or Intune to manage USB devices. For more information, please refer to below guides:
Manage USB Devices on Windows Hosts
MEM – All thing about USB Drive Management and Troubleshooting
Thanks for your time. Have a nice day!
Best regards,
Simon
If the response is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
Hi,
Hope everything goes well. May we know the current status of the question? If there is any other assistance we can provide, please feel free to let us know, we will do our best to help you.
Best regards,
Simon
I must say that the documentation on the Microsoft Learn site is not so clear, but I think this document from Peter van der Woude makes it much easier to understand: https://www.petervanderwoude.nl/post/controlling-devices-connected-to-windows-devices/
The article assumes that you are using Microsoft Endpoint Manager but doing this via another whay like Active Directory Group Policies will be similar.
I have configured things according to this article and that works fine on fully-cloud managed devices. You can choose to allow only specific devices and block all others, or the other way around.