How to Block All USB Sticks Except Company Approved USB Sticks with Microsoft Intune and Defender for Endpoint Step-by-step, Post any question as a new Comment to get a response in less than 10 minutes, try once.
Hi, Thank you for making this useful session. I did have a similar requirement to allow on corporate USB and block rest, so followed the same as explained. I can see from event logs and registry entries that policy group and policy rules are successfully applied but still problem persist it is not blocking the USBs, instead allowing any USB connected. Any suggestions please ?
Hi pramod2bobby, I'm sorry to hear that you're experiencing issues with implementing the policy to only allow corporate USBs and block the rest. It sounds like you've followed the steps correctly and the policy rules have been successfully applied, but the problem still persists. I would recommend checking the configuration settings again to ensure everything is set up correctly. You may also want to double-check the permissions and access rights on the policy group and rules. If the problem continues, it may be helpful to check events… ensure you added properly the serial number and other values shown, you can use hwinfo tool to extract the usb details and enter these values … for sure it works…
Hi, Hope you are doing well! Could we create a configuration profile to allow specific hardware IDs and USBs? Alternatively, would it be better to use Intune Defender Endpoint Security for this purpose? Please advise on the best option. Thank you.
Hello vinodkumardalai5844, Thank you for reaching out with your question. In regards to your inquiry about creating a configuration profile to allow specific hardware IDs and USBs, it may depend on the specific requirements and capabilities of your system. Intune Defender Endpoint Security is a robust option that can help manage security configurations and policies for your devices. It offers advanced protection features and can be an effective solution for controlling access to hardware peripherals like USBs. I would recommend discussing your specific needs and goals with your IT team or a cybersecurity professional to determine the most suitable option for your organization. They can provide insights on the best approach based on your unique environment and security requirements. Thank you for considering these options and feel free to reach out if you have any further questions or need additional assistance. Best regards, Paddymaddy
Hello MrSachinraj, thank you for your comment. At this time, we do not have any plans to start a series specifically focused on Defender for Endpoint. However, we are always open to suggestions for new content and will certainly consider adding it to our future content schedule. Thank you for your interest and feedback!
Hello @sudhirreddy6253, Thank you for bringing this issue to our attention. We apologize for any inconvenience this may have caused you. We are currently working to address the issue with blocking for Mac devices and hope to have a solution in place soon. In the meantime, please feel free to reach out to our customer support team for further assistance. Thank you for your patience and understanding. Best regards, Paddymaddy
Hi paddy One device showing bitlocker not applicable in compliance policy but the device is already encrypted.and bitlocker key not showing.for this device i applied conditional access policy like outlook on web should be accessible on intune complaint device only.when user try to access outlook it shows message as your device non compliant.when i see device compliance policy in this it shows bitlocker not applicable
Hi srinivasnaidu173, Thank you for reaching out about the issue you are experiencing with BitLocker and device compliance on your device. It seems like there may be a misconfiguration or an issue with the device compliance policy settings. I recommend checking the following steps to troubleshoot the problem: 1. Ensure that the device is indeed encrypted with BitLocker. Check the BitLocker settings on the device to confirm this. 2. Verify that the BitLocker recovery key is available for the device. You may need to retrieve this key from the BitLocker management console. 3. Double-check the conditional access policies applied to the device and ensure that they are correctly configured. 4. Check for any errors or warnings in the Intune console that may provide more information about the compliance issue. If the issue persists after checking these steps, I recommend reaching out to Microsoft Intune support for further assistance. They may be able to provide more specific guidance on resolving the compliance issue. I hope this helps, and please let me know if you have any further questions or concerns. Thank you.
How to Block All USB Sticks Except Company Approved USB Sticks with Microsoft Intune and Defender for Endpoint Step-by-step, Post any question as a new Comment to get a response in less than 10 minutes, try once.
Hi, Thank you for making this useful session.
I did have a similar requirement to allow on corporate USB and block rest, so followed the same as explained. I can see from event logs and registry entries that policy group and policy rules are successfully applied but still problem persist it is not blocking the USBs, instead allowing any USB connected. Any suggestions please ?
Hi pramod2bobby, I'm sorry to hear that you're experiencing issues with implementing the policy to only allow corporate USBs and block the rest. It sounds like you've followed the steps correctly and the policy rules have been successfully applied, but the problem still persists.
I would recommend checking the configuration settings again to ensure everything is set up correctly. You may also want to double-check the permissions and access rights on the policy group and rules.
If the problem continues, it may be helpful to check events… ensure you added properly the serial number and other values shown, you can use hwinfo tool to extract the usb details and enter these values … for sure it works…
Hi,
Hope you are doing well!
Could we create a configuration profile to allow specific hardware IDs and USBs? Alternatively, would it be better to use Intune Defender Endpoint Security for this purpose? Please advise on the best option.
Thank you.
This is the same video what’s not there in this video as per you?
Hello vinodkumardalai5844,
Thank you for reaching out with your question. In regards to your inquiry about creating a configuration profile to allow specific hardware IDs and USBs, it may depend on the specific requirements and capabilities of your system.
Intune Defender Endpoint Security is a robust option that can help manage security configurations and policies for your devices. It offers advanced protection features and can be an effective solution for controlling access to hardware peripherals like USBs.
I would recommend discussing your specific needs and goals with your IT team or a cybersecurity professional to determine the most suitable option for your organization. They can provide insights on the best approach based on your unique environment and security requirements.
Thank you for considering these options and feel free to reach out if you have any further questions or need additional assistance.
Best regards, Paddymaddy
Hi Paddy - Any plan to start Defender for Endpoint series ?
Hello MrSachinraj, thank you for your comment. At this time, we do not have any plans to start a series specifically focused on Defender for Endpoint. However, we are always open to suggestions for new content and will certainly consider adding it to our future content schedule. Thank you for your interest and feedback!
not able to block for mac devices
Hello @sudhirreddy6253,
Thank you for bringing this issue to our attention. We apologize for any inconvenience this may have caused you. We are currently working to address the issue with blocking for Mac devices and hope to have a solution in place soon. In the meantime, please feel free to reach out to our customer support team for further assistance. Thank you for your patience and understanding.
Best regards,
Paddymaddy
Hi paddy
One device showing bitlocker not applicable in compliance policy but the device is already encrypted.and bitlocker key not showing.for this device i applied conditional access policy like outlook on web should be accessible on intune complaint device only.when user try to access outlook it shows message as your device non compliant.when i see device compliance policy in this it shows bitlocker not applicable
Hi srinivasnaidu173,
Thank you for reaching out about the issue you are experiencing with BitLocker and device compliance on your device. It seems like there may be a misconfiguration or an issue with the device compliance policy settings.
I recommend checking the following steps to troubleshoot the problem:
1. Ensure that the device is indeed encrypted with BitLocker. Check the BitLocker settings on the device to confirm this.
2. Verify that the BitLocker recovery key is available for the device. You may need to retrieve this key from the BitLocker management console.
3. Double-check the conditional access policies applied to the device and ensure that they are correctly configured.
4. Check for any errors or warnings in the Intune console that may provide more information about the compliance issue.
If the issue persists after checking these steps, I recommend reaching out to Microsoft Intune support for further assistance. They may be able to provide more specific guidance on resolving the compliance issue.
I hope this helps, and please let me know if you have any further questions or concerns. Thank you.
Ideally the policy may not be applied to this device
@@PaddyMaddy26 policy applied.but tpm not enabled in the device may be this is the issue