USB Access Read & Write Block

This guide will show an administrator how to restrict USB read and write access for Intune joined Windows devices.

Role Requirements

Procedure Scope: Administrators

Required Group Membership: Admin.Security

Handbook Reference

Package: TBD

Domain: TBD

Modifies: TBD

USB Access Read & Write Block

  1. Navigate to the Attack Surface Reduction – Intune portal, locate and select the Security Essentials Memory and USB Protection policy or an equivalent Device Control policy.
  2. Scroll down to Configuration Settings and select Edit.
  3. The default rules will be displayed. Begin by selecting the dropdown beside the Device Installation Restrictions blade. Locate the Prevent installation of removable devices option, we will want to select the drop down and set the configuration from Disabled or Not configured to Enabled. This will restrict the ability for USB devices to have read and write access. Select Next to continue.
  4. From the Review section, you will be able to select the Settings dropdown to verify that the read and write access block has properly generated. Select Save to finalize the USB read and write access block. Rule changes propagate in less than 24 hours.

Need Assistance?

Reach out to your Customer Success Manager to discuss how a Sittadel cybersecurity analyst can assist in managing these tasks for you. New to our services? Inquire about arranging a consultation to explore optimizing your Azure environment for painless management.