@Kevin Halstead , From your description, I know our issue is that the Allowstorgecard registry key will reverse back after restarting. If there's any misunderstanding, feel free to let us know.
Here, I have set device configuration policy and done some tests in my lab for the reference:
Creste device restriction configuration profile and set the Removable storage as blocked.
Testgroup1: test1, test2 (User group)
Test group2: test1 (User group)
Test 1
Add testgroup1 into the assignment, after it is deployed successfully, we find the registry key AllowStorageCard created with value 0. Add testgroup2 into the excluded groups. Wait enough time to let the policy applied again. Find the registry key has changed with value 1. Restart the device, the value is not changed.
Test 2
After the above groups are configured, enroll another device into Intune, for this device the Allowstorgecard registry key will not be added.
It seems in my lab, it is working well. We suggest to only keep the device or user in the excluded group. For example. If the block policy is applied to all devices, for the excluded group, we suggest to only keep the device. Remove the user in it.
However, if it is still not working, to clarify our issue, please provide the following information:
- Please check the status for the affected device under the device configuration profile.
- How did we set to make the USB work?Could you make a more details description? what is the registry key value of AllowStorageCard after rebooting?
Please try the above suggestion and if there's anything unclear, feel free to let us know.
If the response is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.