From a9a831b9dedd4f6e7bb6c87d1cc7c7c6f4454e2a Mon Sep 17 00:00:00 2001 From: Justin Hall Date: Tue, 13 Nov 2018 16:42:57 -0800 Subject: [PATCH] added link to csp docs --- .../device-control/control-usb-devices-using-intune.md | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/windows/security/threat-protection/device-control/control-usb-devices-using-intune.md b/windows/security/threat-protection/device-control/control-usb-devices-using-intune.md index dc44233f02..c46d27571f 100644 --- a/windows/security/threat-protection/device-control/control-usb-devices-using-intune.md +++ b/windows/security/threat-protection/device-control/control-usb-devices-using-intune.md @@ -27,7 +27,7 @@ If real-time protection is enabled, files are scanned before they are accessed a You can optionally [run a PowerShell script to perform a custom scan](https://aka.ms/scanusb) of a USB drive after it is mounted. > [!NOTE] -> These threat reduction measures help prevent malware from coming into your environment. You can also configure data loss prevention measures to to protect enterprise data from leaving your environment. For data loss prevention on Windows 10 devices, you can configure [BitLocker](https://docs.microsoft.com/windows/security/information-protection/bitlocker/bitlocker-overview) and [Windows Information Protection](https://docs.microsoft.com/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure), which will encrypt company data even if it is stored on a personal device. +> These threat reduction measures help prevent malware from coming into your environment. To protect enterprise data from leaving your environment, you can also configure data loss prevention measures. For data loss prevention on Windows 10 devices, you can configure [BitLocker](https://docs.microsoft.com/windows/security/information-protection/bitlocker/bitlocker-overview) and [Windows Information Protection](https://docs.microsoft.com/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure), which will encrypt company data even if it is stored on a personal device. ## Block unwanted removeable storage @@ -55,8 +55,12 @@ You can optionally [run a PowerShell script to perform a custom scan](https://ak 7. Click **Create** to save the profile. +Alternatively, you can create a custom profile in Intune and configure [DeviceInstallation](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-deviceinstallation) policies. + ## Protect allowed removable storage +These settings require [enabling real-time protection](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/configure-real-time-protection-windows-defender-antivirus). + 1. Sign in to the [Microsoft Azure portal](https://portal.azure.com/). 2. Click **Intune** > **Device configuration** > **Profiles** > **Create profile**.