In today’s mixed work environment where people work from different places, keeping company data safe is more important than ever. Microsoft Intune’s Device Control helps protect your business from risks that come with using removable media and external devices. In this blog post, we’ll look at how using Device Control in Microsoft Intune can help your business stay safe and follow rules.
To set up and use Device Control, you need:
Microsoft Defender for Endpoint Plan 1
Microsoft Defender for Endpoint Plan 2
Microsoft Defender XDR
Microsoft Defender for Business
To access and use Removable Storage Access Control, you must have Microsoft 365 E3.
How to set up and configure External Devices with Intune / Device Control
The first thing you need to do is find the device’s Hardware ID. In my example, I am using a plugged-in mobile phone.
Go to intune.microsoft.com > Endpoint Security > Attack Surface Reduction > Reusable settings and press Add
Please note that this feature is still in preview when this post is written.
Select Add and name your policy > Click Next
In the next step, select Add + > Removable Storage
Please note that this feature is still in preview when this post is written.
Select Add and name your policy > Click Next
In the next step, select Add + > Removable Storage
Add instance
Enter the details you obtained from the Device Manager. In my example, it is a mobile phone. Press Save.
Select Next > Add to finish the policy
Go to intune.microsoft.com > Endpoint Security > Attack Surface Reduction > Create Policy
Select Platform: Windows 10, Windows 11, and Windows Server
Select Profile: Device Control
Name the policy and press next
Enable ”Apply layered order of evaluation for Allow and Prevent device installation policies across all device match criteria”
And in my case ”WPD Devices: Deny read access”
And ”WPD Devices: Deny write access”
Scroll down to Device Control and add your reusable setting as Excluded ID
Edit Entry by click + Edit Entry. In my case I have Deny read, write and execute with this settings:
Assign a group to your policy and finish it up.
Remember to test your policys before you roll out it to the company.
Key Benefits of Device Control
Data Loss Prevention: Controls external device usage, reducing the risk of accidental or intentional data breaches.
Protection Against Malware: Blocks potentially infected external devices, reducing malware spread.
Enhanced Compliance: Helps organizations comply with data protection regulations by enforcing consistent data transfer policies.
Improved Productivity: Limits time spent managing unauthorized devices and addresses malware issues efficiently.
Centralized Management: Offers a centralized platform for managing all device control settings, easing administrative burdens.
Conclusion Utilizing Microsoft Intune’s Device Control is crucial for businesses aiming to protect their digital environments. This tool not only secures sensitive data but also supports regulatory compliance and enhances operational efficiency. As businesses continue to navigate the challenges of modern IT environments, embracing comprehensive solutions like Intune’s Device Control is essential for maintaining robust security protocols.