diff --git a/windows/security/threat-protection/device-control/images/custom-profile-prevent-device-ids.png b/windows/client-management/mdm/images/custom-profile-prevent-device-ids.png
similarity index 100%
rename from windows/security/threat-protection/device-control/images/custom-profile-prevent-device-ids.png
rename to windows/client-management/mdm/images/custom-profile-prevent-device-ids.png
diff --git a/windows/client-management/mdm/policy-csp-deviceinstallation.md b/windows/client-management/mdm/policy-csp-deviceinstallation.md
index 44fa5ef6ae..7380b5d410 100644
--- a/windows/client-management/mdm/policy-csp-deviceinstallation.md
+++ b/windows/client-management/mdm/policy-csp-deviceinstallation.md
@@ -443,6 +443,12 @@ To verify the policy is applied, check C:\windows\INF\setupapi.dev.log and see i
 <<<  [Exit status: SUCCESS]
 ```
 
+Windows Defender ATP also blocks installation and usage of prohibited peripherals by using a custom profile in Intune. 
+
+For example, this custom profile blocks installation and usage of USB devices with hardware IDs "USBSTOR\DiskVendorCo" and "USBSTOR\DiskSanDisk_Cruzer_Glide_3.0", and applies to USB devices with matching hardware IDs that are already installed.
+
+![Custom profile](images/custom-profile-prevent-device-ids.png)
+
 <hr/>
 
 <!--Policy-->