Block USB storage devices

In this post, we will learn how to block USB (Removable storage) device. So whenever user plug a USB storage device it won’t work.

What’s the Need?

Some customers would like to block USB devices so their user cannot plug-in and use any USB drive in company owned device. This post will allow us to block USB storge devices which means user can plug the USB but device won’t read the USB drive, ultimately, user cannot use any USB storage on the device.

We had option before in Device control in Attack surface reduction. Now it’s not there. Therefore, below article would be helpful for many. so, let’s get started.

Prerequisites:

• Intune enrolled device.
• Intune license should be assigned to the user.

Steps:

Step 1: Sign into intune.microsoft.com

Step 2: Go to Device > Windows > Configuration Profile.

Step 3: Create new policy and select platform as Windows 10 and later and profile type as Templates and select Administrative template in template name & Click Create.

Step 4: Search with “removable” and you should find All Removable Storage classes: Deny all access. click on it and enabled and Ok.

Step 5: You may select scope tags. If not, just click Next On the assignments tab, click Add Groups. Make sure to only add the group that contains device only.

Step 6: Sync the device.

Once you do, restart the device an observe the changes.