diff --git a/windows/security/threat-protection/device-control/control-usb-devices-using-intune.md b/windows/security/threat-protection/device-control/control-usb-devices-using-intune.md
index 74a43afb5e..b8f2f1dbc6 100644
--- a/windows/security/threat-protection/device-control/control-usb-devices-using-intune.md
+++ b/windows/security/threat-protection/device-control/control-usb-devices-using-intune.md
@@ -111,7 +111,7 @@ For example:
 If you want to prevent the installation of a device class or certain devices, you can use the prevent device installation policies:
 
 1. Enable **Prevent installation of devices that match any of these device IDs**.
-2. Enable **Prevent installation of devices that match these device setup classes**.
+2. Enable **Prevent installation of devices using drivers that match these device setup classes**.
 
 > [!Note]
 > The prevent device installation policies take precedence over the allow device installation policies.
@@ -145,6 +145,14 @@ Get-WMIObject -Class Win32_DiskDrive |
 Select-Object -Property * 
 ```
 
+The **Prevent installation of devices using drivers that match these device setup classes** policy allows you to specify device setup classes that Windows is prevented from installing. 
+
+To prevent installation of particular classes of devices: 
+
+1. Find the GUID of the device setup class from [System-Defined Device Setup Classes Available to Vendors](https://docs.microsoft.com/windows-hardware/drivers/install/system-defined-device-setup-classes-available-to-vendors).
+2. Enable **Prevent installation of devices using drivers that match these device setup classes** and add the class GUID to the list.
+![Add device setup class to prevent list](images/Add-device-setup-class-to-prevent-list.png)
+
 ### Block installation and usage of removable storage
 
 1. Sign in to the [Microsoft Azure portal](https://portal.azure.com/).
diff --git a/windows/security/threat-protection/device-control/images/Add-device-setup-class-to-prevent-list.png b/windows/security/threat-protection/device-control/images/Add-device-setup-class-to-prevent-list.png
new file mode 100644
index 0000000000..043da38016
Binary files /dev/null and b/windows/security/threat-protection/device-control/images/Add-device-setup-class-to-prevent-list.png differ