Block removeable usb storage via Intune

Question

Hello,

I searched a lot and find a policy here Endpoint security >> Attack surface reduction>> device control.

Previously there was a option to block usb storage like follwoing picture. Unfortunately, there isn't this option anymore.

So, how can I block just removeable usb storage?
There are some options but each of them has a specific problem.
for example:
Prevent installation of removeable devices:
This option will allow laptop to recognize usb storage that has connected before to the laptop. It just prevent new usb storage to connect.

It would be great if you could help me in this regard
Thank you@

Answer 1

It appears the way this is accomplished has changed.

1. In Endpoint Manager go to Endpoint security > Attack surface reduction > Create Policy
2. Platform: Windows 10 and later, Profile: Device control, then Create
3. Give it a name and description
4. Scroll down and locate the Storage section and enable Removable Disk Deny Write Access
5. Use Scope tags or assign to required groups/users

---

Please accept as an answer if this was helpful.

Answer 2

I'm dealing with the same issue. If you know how to block USB storage devices using Intune, please inform me. We have a Microsoft Business Premium license.

Thank you in advance

Qais

Answer 3

Try this solution, for me worked well for selected users

Devices -> Configuration profiles -> Create profile -> Settings catalog -> Removable Storage Access

If not work reboot the machine

Answer 4

You should check Endpoint Security > Security Baselines > Microsoft Defender for Endpoint Baseline.

Here you can configure removable drive restrictions

Answer 5

That's correct. You an use an ASR policy in Intune to block USB drives access - https://www.prajwaldesai.com/block-usb-drives-using-intune/