USB Access Device Instance Identifier Rule Addition

This guide shows an administrator how to add an allow or prevent rule for a specific USB device instance ID on Intune-joined Windows devices.

Role Requirements

Procedure Scope: Administrators

Required Group Membership: Admin.Security

Handbook Reference

Package: TBD

Domain: TBD

Modifies: TBD

USB Access Device Instance Identifier Rule Addition

  1. Navigate to the Attack Surface Reduction – Intune portal, then locate and select the Security Essentials Memory and USB Protection policy or an equivalent Device Control policy.
  2. Scroll down to Configuration Settings and select Edit.
  3. The default rules will be displayed. Select the dropdown beside the Device Installation Restrictions blade. Locate the Allowed Instance IDs or Prevented Instance IDs option, depending on the desired outcome for USB handling, and select the Add button below that header. A text box will be generated where you can specify the necessary device identifier. The allow or block list is only available if the Allow or Prevent installation of devices that match any of these device instance IDs security setting is set to Enabled. The prevent setting also has an additional setting, Also apply to matching devices that are already installed (Device), that will remove already installed USB devices if they do not match the newly enforced criteria. Select Next to continue.
  4. From the Review section, you will be able to select the Settings dropdown to verify that the necessary device instance identifiers are properly generated. Select Save to finalize the necessary device instance identifier rule addition. Rule changes propagate in less than 24 hours.
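
To find the device instance ID to enter in step 3, and to check on an endpoint whether a rule has arrived after the propagation window, the following PowerShell can be run on the Windows device. It is an added example, not part of the original handbook. The registry path is an assumption: it is where these Device Installation Restrictions settings are stored when set through Group Policy, and the function name is hypothetical.

```powershell
# Added example: list USB device instance IDs on this endpoint and compare
# them with the instance ID lists currently enforced by policy.
# Assumption: the Device Installation Restrictions settings are written
# under this policy key, as they are when configured through Group Policy.
$base = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\DeviceInstall\Restrictions'

# Hypothetical helper: returns the string entries of one policy list.
function Get-InstanceIdList {
    param([string]$ListName)   # 'AllowInstanceIDs' or 'DenyInstanceIDs'
    $key = Join-Path $base $ListName
    if (-not (Test-Path $key)) { return @() }   # list not configured here
    $item = Get-Item -Path $key
    # Each list entry is stored as a numbered string value (1, 2, 3, ...).
    foreach ($name in $item.GetValueNames()) {
        $value = $item.GetValue($name)
        if ($value -is [string] -and $value) { $value }
    }
}

$allowed   = @(Get-InstanceIdList 'AllowInstanceIDs')
$prevented = @(Get-InstanceIdList 'DenyInstanceIDs')

# Enumerate connected USB and USB storage devices. The InstanceId column is
# the value to paste into the Allowed or Prevented Instance IDs text box.
Get-PnpDevice -PresentOnly |
    Where-Object { $_.InstanceId -like 'USB\*' -or $_.InstanceId -like 'USBSTOR\*' } |
    ForEach-Object {
        # Exact, case-insensitive comparison against each list. When an ID is
        # on both lists, this report shows the prevent entry.
        $rule = 'No instance ID rule'
        if ($allowed -contains $_.InstanceId)   { $rule = 'Allowed' }
        if ($prevented -contains $_.InstanceId) { $rule = 'Prevented' }
        [pscustomobject]@{
            FriendlyName = $_.FriendlyName
            InstanceId   = $_.InstanceId
            Status       = $_.Status
            Rule         = $rule
        }
    } | Format-Table -AutoSize -Wrap
```

If both lists come back empty after the propagation window, confirm that the device has synced with Intune and that the policy is assigned to it before re-entering the identifier.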

Need Assistance?

Reach out to your Customer Success Manager to discuss how a Sittadel cybersecurity analyst can assist in managing these tasks for you. New to our services? Inquire about arranging a consultation to explore optimizing your Azure environment for painless management.