Hello folks! Today we are going over the procedure on how we can block all USB devices using Intune.
In a special case, if you want to allow specific USB devices while blocking others via Intune. Make sure to check one of my previous posts. I am also going to mention its link here. Allow only authorized USB devices using Intune
Now, lets go over the steps, to summarize;
Steps to Block USB storage
- We will create a configuration profile
- Will select admx aka administrative templates
- Will block USB from there.
1. Login to Intune Portal
2. Devices > Configuration profile
3. Create Profile
4. Platform: Windows 10 and later
5. Profile Type: Templates
6. Click on Administrative templates
7. Name your profile
8. Now, search for “Prevent installation of removable devices” Click on the policy
9. Enable the policy and hit “OK”
This policy will block all USB drives. Again, if you want to allow some USB devices check this out : Allow only authorized USB devices using Intune
10. Now hit Next
11. Depends on your environment. If you have scope tags select them. Otherwise, click Next
12. Add the group you want to target and click select and Next
12. Now click Create
Your policy is created. Now you can manually sync the device or sync from Intune and now the user will have no access to any USB storage device.
