Microsoft Defender for Endpoint Device Control Removable Storage Protection

Applies to:

• Microsoft Defender for Endpoint Plan 1
• Microsoft Defender for Endpoint Plan 2
• Microsoft Defender for Business

Important

Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.

Device control removable storage protection in Microsoft Defender for Endpoint prevents users, endpoints, or both from using unauthorized removable storage media.

Removable storage access control

Capabilities

• Audit Read or Write or Execute access to removable storage based on various device properties, with or without an exclusion.
• Prevent Read or Write or Execute access with or without an exclusion - Allow specific device based on various device properties.

To manage external storage, use removable storage access control instead of device installation.

Windows 10 and Windows 11 support details

• Applied at either the device level, user level. or both. Only allow specific people performing Read/Write/Execute access to specific removable storage on specific machine.
• Support Intune OMA-URI and GPO.
• For Windows devices, see Removable storage Access Control.

Supported Platform

• Windows 10, Windows 11

macOS support details

• Applied at the device level: the same policy applies for any logged on user.
• For macOS specific information, see Device control for macOS.

Supported platform

• macOS 11 (Big Sur) or later

Device installation

Capabilities - Prevent installation with or without exclusion based on various device properties.

Windows 10 and Windows 11 support details:

• Applied at the device level: the same policy applies for any logged on user.
• Supports Microsoft Configuration Manager and Group Policy Objects.
• For more information on Windows, see How to control USB devices and other removable media using Microsoft Defender for Endpoint.

Supported Platform

• Windows 10, Windows 11

macOS support details

• Applied at the device level: the same policy applies for any logged on user
• For macOS specific information, see Device control for macOS.

Supported platform

• macOS 11 (Big Sur) or later

Endpoint DLP Removable storage

Capabilities

• Audit, warn, or prevent a user from copying an item or information to removable media or USB device.

Description

• See Learn about Endpoint data loss prevention.

Supported Platform

• Windows 10, Windows 11

BitLocker

Capabilities

• Block data to be written to removable drives that aren't BitLocker protected.
• Block access to removable drives unless they were encrypted on a computer owned by your organization

Description

• See BitLocker - Removable Drive Settings.

Supported Platform

• Windows 10, Windows 11

Tip

Do you want to learn more? Engage with the Microsoft Security community in our Tech Community: Microsoft Defender for Endpoint Tech Community.