In the Device Control settings of a workstations and servers settings profile, you can control the behavior of protected Windows computers when they connect to a removable or mass storage device. You can select the device or devices you want to authorize or block, and specify their usage.
To configure device control:
- From the top navigation bar, select Settings.
- From the left pane, select Workstations and Servers.
- Select an existing security settings profile to edit, copy an existing profile, or in the upper-right corner of the window, click Add to create a new profile.
The Add Settings or Edit Settings page opens.
- Enter a Name and Description for the profile, if required.
- Select Device Control.
- Enable the Enable Device Control toggle.
- For each type of device, specify the authorized use.
- Removable Storage Drives and CD/DVD Drives:
- Block – Computer cannot connect to the drive.
- Allow read access – Computer can read the drive.
- Allow read & write access – Computer and read and write to the drive.
- Bluetooth Devices, Mobile Devices, Imaging Devices, and Modems:
- Allow – Computer can connect to the device.
- Block – Computer cannot connect to the device.
- Click .
The Add Devices dialog box opens.
- Select the devices and computers you want to add to the allowlist.
- Click Add.
For information on how to create a list of device IDs to import, see Determine the Device Unique ID.
- In the Allowed Devices list, select the computer or device.
- Click .
- Type a new name and click OK.
For more information, see Assign a Settings Profile.