Although it’s not seen in most organizations, there are cases where you would like to restrict the access to an USB device for your users. Here is where Intune comes in. Let’s see how you can achieve this:
1. Navigate to the Microsoft Endpoint Manager admin center
2. Go to Endpoint security > Attack surface reduction and click on Create Policy
3. For the Platform select Windows 10 and later and for Profile select Device Control, then click Create
4. Select a distinctive name that you will recognize what the policy does, for example Disable USB Devices and click Next
5. In the Configuration Settings tab, under Device Control, scroll to Block Removable Storage and select Yes. Click on Next
6. If you want to add any Scope Tags you can add them now, otherwise click Next to go to Assignments
7. Under Included Groups click on Add Groups
8. Click on Review + Create and Create