Device USB Access Policy Modification Procedure

This admin procedure will provide background information on modifying an existing USB device control attack surface reduction rule.

This article is intended for employees of organizations that use Sittadel's security. Additionally, there are some actions that can only be accomplished by those with administrative privileges.

USB & Removable Storage Device Control

One of the more common ways for malware or data to be exfiltrated from a network is through a simple USB stick. While many people work to secure down their DLP rules for email, its often overlooked to control the use of USB devices. These devices can have lighting fast transfer speeds, making quick work of exfiltrating even the largest of files. Along with data exfiltration, introduction of malware is certainly a concern for USB devices plugged into machines.


Procedure Scope: Administrators

Required Group Membership: Admin.DeviceSecurity


Modifying a Device USB Access Policy

  1. Navigate to Attack Surface Reduction – Intune, select the policy you wish to alter.
  2. Upon opening the rule, select Properties; all the information of the policy will be displayed. 4 points of interest will be available to You can modify the sections as needed.
    1. Basics: Adjusts non-functional items of the rule, such as the Name or Description.
    2. Assignments: Specifies which groups will have USB access for their devices.
    3. Scope Tags: Specifies which administrators can view and alter this object.
    4. Configuration Settings: Allows you to set specific security controls that apply to Removable storage devices such as restricting access to only specific types of drives, etc.
  3. The Sections will all have the same prompt for adjustments, either add, remove, or delete the setting and select Review + Save to finalize the changes.
  4. Once on the revisions page, if all the necessary adjustments look correct, select Save to finalize the modification process.

You're Finished!

You should have successfully modified an existing USB device control attack surface reduction rule that will be pushed to the specified onboarded device group. For any other problems or questions, reach out to us!