diff --git a/windows/security/threat-protection/device-control/control-usb-devices-using-intune.md b/windows/security/threat-protection/device-control/control-usb-devices-using-intune.md
index 5969cb07aa..ecf929900a 100644
--- a/windows/security/threat-protection/device-control/control-usb-devices-using-intune.md
+++ b/windows/security/threat-protection/device-control/control-usb-devices-using-intune.md
@@ -152,6 +152,7 @@ For more information about controlling USB devices, see the [Microsoft Secure bl
 ### Only allow installation and usage of specifically approved peripherals
 
 Windows Defender ATP allows installation and usage of only specifically approved peripherals by creating a custom profile in Intune and configuring [DeviceInstallation policies](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-deviceinstallation).
+For example, this custom profile allows installation and usage of USB devices with hardware IDs "USBSTOR\DiskVendorCo" and "USBSTOR\DiskSanDisk_Cruzer_Glide_3.0".
 
 ![Custom profile](images/custom-profile-allow-device-ids.png)
 
@@ -162,7 +163,8 @@ Allowing installation of specific devices requires also enabling [DeviceInstalla
 
 ### Prevent installation of specifically prohibited peripherals
 
-Windows Defender ATP also blocks installation and usage of prohibited peripherals with a custom profile in Intune.
+Windows Defender ATP also blocks installation and usage of prohibited peripherals with a custom profile in Intune. 
+For example, this custom profile blocks installation and usage of USB devices with hardware IDs "USBSTOR\DiskVendorCo" and "USBSTOR\DiskSanDisk_Cruzer_Glide_3.0", and applies to USB devices with matching hardware IDs that are already installed.
 
 ![Custom profile](images/custom-profile-prevent-device-ids.png)
 
diff --git a/windows/security/threat-protection/device-control/images/create-device-configuration-profile.png b/windows/security/threat-protection/device-control/images/create-device-configuration-profile.png
index 1e0f0587a3..1b6d4aa708 100644
Binary files a/windows/security/threat-protection/device-control/images/create-device-configuration-profile.png and b/windows/security/threat-protection/device-control/images/create-device-configuration-profile.png differ
diff --git a/windows/security/threat-protection/device-control/images/custom-profile-allow-device-ids.png b/windows/security/threat-protection/device-control/images/custom-profile-allow-device-ids.png
index d6679cd0bf..95ac48ec54 100644
Binary files a/windows/security/threat-protection/device-control/images/custom-profile-allow-device-ids.png and b/windows/security/threat-protection/device-control/images/custom-profile-allow-device-ids.png differ
diff --git a/windows/security/threat-protection/device-control/images/custom-profile-prevent-device-ids.png b/windows/security/threat-protection/device-control/images/custom-profile-prevent-device-ids.png
index 46e55e7717..d949232d44 100644
Binary files a/windows/security/threat-protection/device-control/images/custom-profile-prevent-device-ids.png and b/windows/security/threat-protection/device-control/images/custom-profile-prevent-device-ids.png differ