Microsoft has introduced a Windows 10 and 11 feature that allows administrators to select which devices connect to endpoints. The layered Group Policy feature will make it easier for organizations to block specific types of USB devices using combined whitelisting and blacklisting.
This feature governs any device, whether internal or external, including USB drives. Administrators can define an allow list, which specifies whitelisted and blacklisted devices by their device identifiers. Windows systems categorize devices by class, device ID, and instance ID.
In the past, Microsoft used a simple combination of an allow policy and a prevent policy, with the latter taking precedence over the former. This rigid approach made it harder to update permissions when new devices entered the market, Microsoft said.
The new layering feature uses a hierarchical list of these identifiers that it examines in order, with higher identifiers taking precedence. This makes it easier to ban all devices of a particular class while making specific exceptions for devices in that class with certain hardware IDs.
The hierarchical layers allow admins to be as exclusive as they wish when defining which devices can connect to Windows endpoints. For example, locking out all USB devices other than those provided by their company. They could also block all USB devices from being installed while allowing all other devices to connect to a Windows endpoint.
RELATED RESOURCE
"With this new policy, you don’t need to know different device classes to prevent USB classes only from being installed," said Microsoft in a blog post announcing the feature. "The new policy allows you to focus scripts on USB classes and be confident that no other class is going to be blocked unless specified by the IT admin."
More effective device blocking could prevent the spread of malware via malicious USB devices. It could also make it more difficult for people to copy data from work computers that could later be lost, causing compliance problems.
Layered Group Policy capabilities are available as part of the optional "C" client release, which is the company's non-security preview release. It will become more widely available on August 10 with the August 2021 Update Tuesday release. Windows 11 will also support the feature, Microsoft said.
-
Should AI PCs be part of your next hardware refresh?AI PCs are fast becoming a business staple and a surefire way to future-proof your business
-
Westcon-Comstor and Vectra AI launch brace of new channel initiativesNews Westcon-Comstor and Vectra AI have announced the launch of two new channel growth initiatives focused on the managed security service provider (MSSP) space and AWS Marketplace.
-
Recall arrives for Intel and AMD devices after months of controversyNews Microsoft's Recall feature is now available in preview for customers using AMD and Intel devices.
-
With one year to go until Windows 10 end of life, here’s what businesses should do to prepareNews IT teams need to migrate soon or risk a plethora of security and sustainability issues
-
Microsoft is doubling down on Widows Recall, adding new security and privacy features – will this help woo hesitant enterprise users?
News The controversial AI-powered snapshotting tool can be uninstalled, Microsoft says
-
Microsoft patches rollback flaw in Windows 10News Patch Tuesday includes protection for a Windows 10 "downgrade" style attack after first being spotted in August
-
Companies “wary” of Windows 11 migration challenges as Windows 10 EOL draws closer
News A recent study shows that only a fraction are running Windows 11, despite a rapidly-approaching end of life deadline
-
New Windows vulnerability could repeatedly trigger the blue screen of death on millions of devicesNews Attackers could exploit the Windows vulnerability to repeatedly crash machines and trigger a blue screen of death, according to researchers at Fortra
-
Here’s how much Windows 10 could cost if you don’t upgrade this yearNews Windows 10 extended security updates will cost users dearly, with prices rising incrementally each year.
-
Linux just hit an all-time high share of the global desktop market — and surging popularity in India is driving uptake of the open source operating systemNews Linux is still dwarfed by operating systems such as Windows, but it’s making modest gains off the back of growing popularity in emerging markets
