USB Ports used for USB flash drives, external hard disks, or memory cards, can pose a security risk for organizations that want to protect their data and prevent unauthorized access or data leakage. While these devices can be useful for transferring files or backing up data, they can also be used to copy or steal sensitive information, introduce malware, or bypass security policies.
Fortunately, Microsoft Intune, a cloud-based service that provides mobile device management (MDM) and mobile application management (MAM) capabilities, allows administrators to control and restrict the use of removable storage devices on Windows 10 devices that are enrolled in Intune. In this blog post, we will show you how to block removable storage with Microsoft Intune.
Table of Contents
What are we going to set up
To block removable storage with Microsoft Intune, we will need to create and assign a device configuration profile that applies to Windows 10 devices. This profile will contain a USB block setting that will configure the Removable Storage Access policy in the Windows Registry. This policy will prevent users from accessing any removable storage devices that are connected to their devices.
How to block USB Ports with Microsoft Intune
To block removable storage with Microsoft Intune we first need to create the configuration profile. Follow these steps:
- Go to intune.microsoft.com
- Click on Devices
- Click on Windows
- Click on Configuration profiles
- Click on Create profile
- Choose Platform Windows 10 and later
- Choose Profile type Templates
- Choose Device restrictions
- Click on Create
- Give it a meaningful name. If you want to learn more about good naming conventions have a look here.
- Click on Next
- Choose General
- Now you have two options:
- Removable storage – Block: This will only disable Removable storage like USB sticks.
-
USB connection – Block: This will block all the USB Ports. Charging is not affected.
For this demonstration i will only Block Removable storage.
- Click on Next
- Assign the Policy
- Click on Next
- You can skip the Applicability Rules
- On the Review + create tab click on Create
Congratulations! You have successfully deployed the policy.
Conclusion
In this blog post, we have shown you how to disable UBS Ports with Microsoft Intune, using device configuration profiles. This is a simple and effective way to enhance the security of your organization’s data and devices, and prevent unauthorized access or data leakage via removable storage devices. We hope you found this blog post helpful and informative. If you have any questions or feedback, please leave a comment below. Thank you for reading!
