Microsoft Defender for Endpoint Device Control Removable Storage Protection

Applies to:

Important

Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.

Device control removable storage protection in Microsoft Defender for Endpoint prevents users, endpoints, or both from using unauthorized removable storage media.

Protection policies

Removable storage access control

Capabilities

  • Audit Read or Write or Execute access to removable storage based on various device properties, with or without an exclusion.
  • Prevent Read or Write or Execute access with or without an exclusion: allow specific devices based on various device properties.

To manage external storage, use removable storage access control instead of device installation.

Windows 10 and Windows 11 support details:

  • Applied at the device level, the user level, or both. Only specific people are allowed Read/Write/Execute access to specific removable storage on specific machines.
  • Supports MEM OMA-URI and GPO.
  • For Windows devices, see Removable storage Access Control.

Supported Platform - Windows 10, Windows 11
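As an added illustration that is not part of this page, the following shows how the capabilities listed above (prevent Write/Execute on removable storage, with an exclusion for approved devices, plus an audit of denied access) are expressed in the XML policy form that removable storage access control accepts through MEM OMA-URI or GPO. The GUIDs and the VID/PID and serial number in the approved-device group are constructed placeholders, and the element names reflect the device control policy schema as the editor understands it.

```xml
<!-- Added example, not from this page. GUIDs and hardware IDs are placeholders. -->
<Groups>
    <!-- Group 1: every removable media device (built-in descriptor). -->
    <Group Id="{11111111-0000-0000-0000-000000000001}">
        <MatchType>MatchAny</MatchType>
        <DescriptorIdList>
            <PrimaryId>RemovableMediaDevices</PrimaryId>
        </DescriptorIdList>
    </Group>
    <!-- Group 2: organization-approved drives, matched on device properties.
         The VID_PID and serial number below are constructed sample values. -->
    <Group Id="{11111111-0000-0000-0000-000000000002}">
        <MatchType>MatchAny</MatchType>
        <DescriptorIdList>
            <VID_PID>0781_5581</VID_PID>
            <SerialNumberId>PLACEHOLDER-SERIAL</SerialNumberId>
        </DescriptorIdList>
    </Group>
</Groups>

<PolicyRules>
    <!-- Rule: deny Write and Execute on all removable media except the approved
         group (the "with an exclusion" case), and audit every denied attempt. -->
    <PolicyRule Id="{22222222-0000-0000-0000-000000000001}">
        <Name>Block write/execute on unapproved removable storage</Name>
        <IncludedIdList>
            <GroupId>{11111111-0000-0000-0000-000000000001}</GroupId>
        </IncludedIdList>
        <ExcludedIdList>
            <GroupId>{11111111-0000-0000-0000-000000000002}</GroupId>
        </ExcludedIdList>
        <!-- AccessMask is a bitmask: Read=1, Write=2, Execute=4; 6 = Write+Execute.
             Read stays permitted so users can still open files on unapproved media. -->
        <Entry Id="{33333333-0000-0000-0000-000000000001}">
            <Type>Deny</Type>
            <Options>0</Options>
            <AccessMask>6</AccessMask>
        </Entry>
        <!-- Options=3: show the user a notification and send an audit event
             to the Defender portal when a Write/Execute attempt is denied. -->
        <Entry Id="{33333333-0000-0000-0000-000000000002}">
            <Type>AuditDenied</Type>
            <Options>3</Options>
            <AccessMask>6</AccessMask>
        </Entry>
    </PolicyRule>
</PolicyRules>
```

The Groups and PolicyRules blocks are deployed as two separate policy documents; the audit entry is what makes denied attempts visible to the security operations team rather than silently failing.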

macOS support details:

  • Applied at the device level: the same policy applies for any logged on user.
  • For macOS specific information, see Device control for macOS.

Supported platform - macOS Catalina 10.15.4+ (with system extensions enabled)

Device installation

Capabilities - Prevent installation with or without exclusion based on various device properties.

Windows 10 and Windows 11 support details:

Supported Platform - Windows 10, Windows 11

macOS support details:

  • Applied at the device level: the same policy applies for any logged on user.
  • For macOS specific information, see Device control for macOS.

Supported platform - macOS Catalina 10.15.4 or later (with system extensions enabled)

Endpoint DLP Removable storage

Capabilities - Audit, warn, or prevent a user from copying an item or information to removable media or USB device.

Description - For more information on Windows, see Learn about Endpoint data loss prevention.

Supported Platform - Windows 10, Windows 11

BitLocker

Capabilities:

  • Block data from being written to removable drives that aren't BitLocker protected.
  • Block access to removable drives unless they were encrypted on a computer owned by your organization.

Description - For more information on Windows, see BitLocker - Removable Drive Settings.

Supported Platform - Windows 10, Windows 11