How to deploy removable storage access control on Windows

The next few sections will go over how to get started deploying and using the new device control capabilities.

This adds an additional layer of security and data protection for work-from-home and remote work scenarios. The new printer protection feature allows you to block users from printing via a non-corporate network printer or non-approved USB printer. The custom policy allows customization of the URL to which the user is redirected when interacting with an end-user-facing “device restricted” notification.
To achieve a high degree of granularity, USB access level can be specified for Product ID, Vendor ID, and Serial Number. USB device access can be set to Read, Write, Execute, or No access. The capability supports Audit and Block enforcement levels. You can find more details in our Mac USB storage device control blog. The access level is controlled through custom policies.
USB storage device control for Mac is designed to regulate the level of access given to external USB storage devices (including SD cards). We also recently introduced removable storage protection capabilities on Mac.

The new feature allows you to Audit/Allow/Prevent Read, Write, or Execute access to removable storage based on various device properties, e.g., Vendor ID, Serial Number, Friendly Name, with or without an exclusion. We are bringing removable storage access control capabilities on Windows to complement our existing device control protection in scenarios such as Device Installation, removable storage Endpoint DLP, and removable storage BitLocker.

What’s new
Removable storage access control on Windows
General Availability (Windows 1809, 1909, 2004 or later)
General Availability (Defender (Mac) version 101.34.20 or later)
General Availability (Defender version or later)
Removable storage access control on Windows

These new device control capabilities further reduce the potential attack surface on users’ machines and safeguard organizations against malware and data loss in removable storage media scenarios. We are excited to announce new device control capabilities in Microsoft Defender for Endpoint to secure removable storage scenarios on Windows and macOS platforms and offer an additional layer of protection for printing scenarios. The move to remote work due to COVID-19 over the last year has raised the risk to another level.

End user activities represent one of the most common threat vectors and Microsoft Defender for Endpoint brings a compelling story for organizations looking to reduce their security exposure associated with removable media and printing. These devices help employee productivity, but also pose a threat to enterprise data and serve as a potential entry point for malware and viruses.
We have backported the feature, so now it supports Windows 1809, 1909, 2004 or later.

External devices such as USB and home printers are commonplace tools needed to complete daily business operations.

UPDATE: Printer protection is now in General Availability.