

The first XML file we'll need is the Group XML that will specify the type of mass storage. You'll need 2 "group" XML files and 1 "policy" XML file.

I like to use Visual Studio Code or Notepad++. You'll also need a text editor to modify the XML files. You can go to the official GitHub to download samples or I published the XML files I'm using in my own GitHub. The first thing you'll need to do is download (or create from scratch) some XML files that will be needed to configure your policies. If you prefer to read a tutorial with screenshots, continue on!

In this blog article, I'll show you how to configure the ability to block mass storage devices with an allow list that you can maintain in Intune and Microsoft Defender for Endpoint. First off, if you prefer watching video demos, here's a link to a fantastic video that shows you how to configure it. As every security defender knows, you cannot draw a hard line and block EVERY USB mass storage device.

For details, please see Creating a Tamper Protection exception on Windows clients or Creating exceptions from log events.

A common request from information security teams is the ability to block mass storage devices.

It is recommended to create a Tamper Protection exclusion, where possible, rather than disable Tamper Protection altogether. This occurs as soon as the clients receive the updated policy from the SEPM. Tamper Protection is disabled for clients within this client-group, and for clients within client-groups that inherit policies from this group. Therefore if you want to make group level changes this should be turned OFF. Note: If Policy inheritance is marked as ON, then policies and settings will be inherited from the main parent group and no modifications will be allowed. Select the client-group you want to modify.


Use this method to disable Tamper Protection on a small number of clients. Disable Tamper Protection on a single client
