Device Control lets you control which external devices are allowed to be used with endpoints. Use Device Control to:
- Block external devices, that are not required from connecting your endpoints, to limit data leaks
- Strictly control allowed devices to prevent malicious content that can enter your network through external devices and Bluetooth connections
Device Control settings are specific to the EDR Profile they are contained in.
You can manage external USB devices with Windows and macOS Agents, as well as manage Bluetooth devices.
Rules for Bluetooth are supported on Windows 10 and Windows Server 2012, 2016, and 2019.
The Device Control Policy includes Settings and Rules:
- Settings: Turn Device Control on or off, define the inheritance settings, and select the Activity log settings. Define some settings for Bluetooth devices.
- Rules: Create and organize rules to allow or block connection of specific devices, or groups of devices, to endpoints, based on the device identifiers
End User Interaction with Device Control
When an end-user inserts a device that is blocked by Device Control, a message shows on the endpoint.
End-users cannot create requests automatically from these messages. This is to prevent an overload of requests for Security Users.