Robert-5508 asked saldana-msft edited

Disable USB Ports Via Defender for Endpoint (Device Control)

I am trying to disable USB ports on certain systems via USB device control. However, I can't seem to find a clear way to do this (I'm not too sure what the prerequisites are). For example, in this article (https://thewindowsupdate.com/2021/12/16/block-usb-in-microsoft-defender-for-endpoint-and-intune/) it appears that you have to 1) have the Defender for Endpoint agent installed and 2) have your system managed via Intune. My question is, what if you had the Defender agent installed but you used SCCM or have co-managed systems?

mem-intune-device-configurations mem-cm-co-management

SimonRenMSFT-3639 answered SimonRenMSFT-3639 commented

Hi,

Thanks for posting in Microsoft MECM Q&A forum.

Per my experience, we can use Group Policy or Intune to manage USB devices. For more information, please refer to the guides below:
Manage USB Devices on Windows Hosts
MEM – All thing about USB Drive Management and Troubleshooting

Thanks for your time. Have a nice day!

Best regards,
Simon



Hi,

Hope everything goes well. May we know the current status of the question? If there is any other assistance we can provide, please feel free to let us know; we will do our best to help you.

Best regards,
Simon

Duncan-deWaal answered Duncan-deWaal commented

I must say that the documentation on the Microsoft Docs site is not so clear, but I think this document from Peter van der Woude makes it much easier to understand: https://www.petervanderwoude.nl/post/controlling-devices-connected-to-windows-devices/
The article assumes that you are using Microsoft Endpoint Manager, but doing this via another way like Active Directory Group Policies will be similar.


I have configured things according to this article and that works fine on fully-cloud managed devices. You can choose to allow only specific devices and block all others, or the other way around.
