Microsoft Intune has the capability to control features and manage devices such as Drives on PCs, Microsoft Edge version 77 (and later), Internet Explorer, Google Chrome, Microsoft Office Programs, Remote desktop, OneDrive, Passwords, PINs, and more in Windows 10 and Windows 11. Administrators can create group policies using built in100% cloud-based templates.
In this blog, we focus on using the Administrative Templates to deny write or read access on removable storages.
Configuring Access to Removable Storage
Sign onto the Microsoft Endpoint Manager admin center.
Select Endpoint security > Attack surface reduction > Create Policy.
To Create a Profile, Select Platform, Windows 10 and later and in Profile section, choose Device control, and create the profile.
On the Basics tab, enter a descriptive name. Optionally, enter a Description for the policy, then select Next.
There are different controls that can be applied, and you can assign the endpoint security profile to a device \ user.
Specific Fields to configure are shown below:
Under Assignments, you can Include or Exclude Groups / All Users or All Devices.
Once you have completed all of the configuration, you will be presented with a summary for you to review before the final creation.
Once the policy is created, users’ access to removable storage devices will be limited.
Would you like to learn more about our services? Email [email protected] or call 289-803-9730. We would be happy to share more details about our self-service or fully managed eDiscovery services!
