In the following example, the iPad is blocked because its device ID isn't in the allowed device ID list:Ī device is blocked but should be allowed The installation of this device is forbidden by system policy. If a USB device is blocked from installing, then you see a message similar to the following message: When you select Create, your changes are saved and the profile is assigned.Īfter the device configuration profile is deployed to your targeted devices, you can confirm that it works correctly. In Review + create, review your settings. In Assignments, select the device groups that will receive the profile. For more information about scope tags, see Use role-based access control (RBAC) and scope tags for distributed IT. In Scope tags (optional), assign a tag to filter the profile to specific IT groups, such as US-NC IT Team or JohnGlenn_ITDepartment. There's also some helpful device ID information at Microsoft Defender for Endpoint Device Control Device Installation: Deploying and managing policy via Intune. For the specific steps, see find the hardware ID on a Windows device. To get the device/hardware ID, you can use Device Manager, find the device, and look at the properties. Then, add the device/hardware IDs for devices you want to allow: In the following example, the Keyboard, Mouse, and Multimedia classes are allowed:Īllow installation of devices that match any of these Device IDs: Select Enabled. Then, add the class GUID of the device classes you want to allow. Prevent installation of devices not described by other policy settings: Select Enabled > OK:Īllow installation of devices using drivers that match these device setup classes: Select Enabled. In Configuration settings, configure the following settings:
This setting is optional, but recommended. Description: Enter a description for the profile.Name: Enter a descriptive name for the profile.In Basics, enter the following properties: Profile type: Select Templates > Administrative Templates.Select Devices > Configuration profiles > Create profile. Sign in to the Microsoft Endpoint Manager admin center. This article shows you how to create an ADMX policy with USB settings, and use a log file to troubleshoot devices that shouldn't be blocked. For more information on Administrative Templates, and what they are, see Use Windows 10/11 templates to configure group policy settings in Microsoft Intune.
You can use Administrative Templates (ADMX) templates to configure these settings in a policy, and then deploy this policy to your Windows devices. You may also want to allow specific USB devices, such as a keyboard or mouse. Many organizations want to block specific types of USB devices, such as USB flash drives or cameras.
0 kommentar(er)
