Windows admins now can block external devices via layered Group Policy
Microsoft has actually incorporated assistance for layered Group Policies, which permit IT admins to handle what interior or even external devices consumers can be actually set up on business endpoints around their association’s system.
Devices that can be actually obstructed or even enabled to put up on endpoints consist of ink-jet printers, USB storage space disks, and also various other USB peripherals contributed to an offered association’s forbidden or even accepted checklist of devices.
Benefits of handling unit installment with help from group plans consist of decreasing assistance prices and also lowering the threat of business records fraud.
All devices included their very own collection of “device identifiers” know due to the device (e.g., course, unit I.D., and also case I.D.).
Using these identifiers, an admin can make an ‘make it possible for checklist’ of enabled devices that are going to block all various other devices coming from being actually set up.
The brand-new administer layered Group Policy attribute gives even more rough command over what devices are actually obstructed coming from installment making use of a collection of unit identifiers like case IDs, equipment IDs, configuration course, and also easily removable unit home.
Per Microsoft, making use of the administer layered Group Policy along with presently existing unit installment plans enhances adaptability and also user-friendly consumption:
- Intuitive consumption: the brand-new policy permits you to ensure that merely unit training class on the forbidden checklist are actually obstructed coming from installment
- Flexibility: the brand-new policy launches ordered layering making use of the Device case IDs > > Device IDs > > Device configuration course > > Removable devices purchase, which bypasses opposing stop and also make it possible for policy environments.
If you would like to administer right now in your atmosphere, the pathway to the brand-new Group Policy is actually Computer Configuration > > Administrative Templates > > System > > Device Installation > > Device Installation Restrictions > > ‘Apply layered purchase of assessment for Allow and also Prevent unit installment plans around all unit suit requirements’.
“Applying layered Group Policy is available on all Windows 10 systems where as part of the July 2021 optional ‘C’ client release, and will be made more broadly available beginning in the August 2021 Update Tuesday release,” Microsoft said.
“The Windows Server release will follow thereafter. This feature will also be supported in Windows 11.”
Additional relevant information on the “Apply layered order of evaluation for Allow and Prevent device installation policies across all device match criteria” policy environment is actually readily available on the Microsoft 365 docs website.