- #USB BLOCK 1.6.1 HOW TO#
- #USB BLOCK 1.6.1 CODE#
- #USB BLOCK 1.6.1 DOWNLOAD#
- #USB BLOCK 1.6.1 WINDOWS#
Now let's test the behavior on the device! When I insert a USB that is not on the allowed list, I get this message: Review the configuration profile to ensure the policy has successfully deployed. Go to your device that you deployed the policy to and make sure that it syncs with Intune. Deploy it to a test group of devices first before pushing out to production. Add a 3rd row and repeat for the Block USB Policy. Keep all the OMA-URI settings in one profile. Do not create a separate configuration profile. OMA-URI: *Copy the string from the text file for your USB Group*ĭata Type: String (XML) - *Upload your USB Group XML*Īdd a 2nd row and repeat the process for the Allowed USB XML. It should be a Custom Template.Īdd a new Row with something similar to below:ĭescription: Group for All Removeable Devices
#USB BLOCK 1.6.1 WINDOWS#
Open up Microsoft Endpoint Manager (MEM) and create a new Windows Configuration Profile. Now we move to Endpoint Manager to create the policies. More details on the OMA-URI strings are on the official documentation as well. You'll need the Group ID's from your XML files and paste those in between '%7b' and '%7d'. I have a text file for my OMA-URI strings on my Github. For this, you'll need the OMA-URI strings. Once your XML flies are completed, we need to create the policies within Intune. Here's a list of the flags in the documentation. My access mask is 6 which blocks write and execute. I'm not allowing audit so my deny type is 1 which shows a notification when the policy is triggered. You'll also need to specify the correct flags to enforce. The Include Group is your USB Group and the Exclude Group is your Allowed USB Group. You'll need the unique GUID's from the first two to paste into the correct areas. The final XML file you need is the Policy XML. Do this for each USB you want to allow and paste it in the USB Allow XML file between the InstancePathID. You can manually replace or do a "Find and Replace" of all '&' to '&' This is because you can't escape a '&' in XML. In the device properties, select the tab for Details and the dropdown menu for Device Instance Path. Your USB drive should appear under Disk Drives. To get the UNIQUE InstancePATHID, plug in your USB and open up Device Manager. For this list, we'll be using the InstancePathID. Again, you'll need a unique GUID so generate one and write it in the file. Next, we'll modify the XML file for your approved USB list. Save this file as an XML file with a name you'll remember (i.e. That GUID will be entered into the "Group ID=" field between the. To get one, you can use Powershell and run the command: ::NewGuid(). We'll want the Primary ID to be "RemovableMediaDevices." You'll also need a unique GUID. This doesn't block anything but just specifies the "Primary ID." You can find the list of different primary ID's in the documentation. The first XML file we'll need is the Group XML that will specify the type of mass storage. You'll need 2 "group" XML files and 1 "policy" XML file.
#USB BLOCK 1.6.1 CODE#
I like to use Visual Studio Code or Notepad++. You'll also need a text editor to modify the XML files.
#USB BLOCK 1.6.1 DOWNLOAD#
You can go to the official Github to download samples or I published the XML files I'm using in my own Github. The first thing you'll need to do is download (or create from scratch) some XML files that will be needed to configure your policies. If you prefer to read a tutorial with screenshots, continue on!
#USB BLOCK 1.6.1 HOW TO#
In this blog article, I'll show you how to configure the ability to block mass storage devices with an allow list that you can maintain in Intune and Microsoft Defender for Endpoint.įirst off, if you prefer watching video demos, here's a link to a fantastic video that shows you how to configure it. As every security defender knows, you cannot draw a hard line and block EVERY USB mass storage device. usb.A common request from information security teams is the ability to block mass storage devices. Import ) Īttaches a callback to plugging in a device.
0 kommentar(er)
