Based on the guide "Prevent Write and Execute access to non-approved removable storage using Device Control and Microsoft Intune" – imab.dk
Name Configure Removable Storage Access Control
OMA-URI ./Vendor/MSFT/Defender/Configuration/DeviceControlEnabled
Data Type Integer
Value 1
Name MatchAnyRemovableMediaDevices
OMA-URI ./Vendor/MSFT/Defender/Configuration/DeviceControl/PolicyGroups/%7b7cb998dc-4e35-4191-a0b8-90444bbb6ce9%7d/GroupData
Data Type String
Value
<Group Id="{9fb0c5f7-af60-4b9e-a5d6-105af5c1b427}">
  <!-- Device Control group: matches any device whose PrimaryId is
       RemovableMediaDevices. -->
  <!-- NOTE(review): this Id is the GUID that the policy rule's IncludedIdList
       references. The OMA-URI path listed for this setting carries a different
       GUID (7cb998dc-4e35-4191-a0b8-90444bbb6ce9). The GUID in the PolicyGroups
       path is expected to equal the group Id, so confirm which value is
       intended before deploying; a mismatch may leave the rule with no
       matching group. -->
  <MatchType>MatchAny</MatchType>
  <DescriptorIdList>
    <PrimaryId>RemovableMediaDevices</PrimaryId>
  </DescriptorIdList>
</Group>
Name Block Write and Execute Access
OMA-URI ./Vendor/MSFT/Defender/Configuration/DeviceControl/PolicyRules/%7bcc2be156-173a-41e3-ba80-491a866fa59f%7d/RuleData
Data Type String
Value
<PolicyRule Id="{cc2be156-173a-41e3-ba80-491a866fa59f}">
  <!-- The rule Id matches the GUID in the PolicyRules OMA-URI path for this
       setting. -->
  <Name>Block Read, Write and Execute Access</Name>

  <!-- Devices the rule applies to: the removable-media group. -->
  <IncludedIdList>
    <GroupId>{9fb0c5f7-af60-4b9e-a5d6-105af5c1b427}</GroupId>
  </IncludedIdList>

  <!-- Devices exempt from the rule. NOTE(review): group
       {79ebf2e6-bc7f-4e4a-baba-ed4b931f3625} is not defined on this page;
       presumably it is the approved-device group. Verify that it is deployed
       as its own PolicyGroups setting and that its membership is as narrow as
       intended, since every device it matches bypasses the Deny entry. -->
  <ExcludedIdList>
    <GroupId>{79ebf2e6-bc7f-4e4a-baba-ed4b931f3625}</GroupId>
  </ExcludedIdList>

  <!-- Enforcement entry. AccessMask is a bit field: 1 = read, 2 = write,
       4 = execute, so 7 denies all three. That agrees with the rule Name
       above but is broader than the setting name "Block Write and Execute
       Access"; a write-and-execute-only block would be 6. Options 0 sets no
       extra behaviour on the Deny entry. -->
  <Entry Id="{a0bcff88-b8e4-4f48-92be-16c36adac930}">
    <Type>Deny</Type>
    <Options>0</Options>
    <AccessMask>7</AccessMask>
  </Entry>

  <!-- Audit entry paired with the Deny above. It uses the same AccessMask so
       every denied access type is audited; Options 3 = show a notification to
       the user and send an event, which is what makes blocked attempts
       visible for monitoring. -->
  <Entry Id="{07e22eac-8b01-4778-a567-a8fa6ce18a0c}">
    <Type>AuditDenied</Type>
    <Options>3</Options>
    <AccessMask>7</AccessMask>
  </Entry>
</PolicyRule>