From d2bd5210971bf222481a798ca2bc9745df863058 Mon Sep 17 00:00:00 2001 From: Justin Hall Date: Wed, 28 Nov 2018 15:19:45 -0800 Subject: [PATCH] revised intro --- .../control-usb-devices-using-intune.md | 15 +++------------ 1 file changed, 3 insertions(+), 12 deletions(-) diff --git a/windows/security/threat-protection/device-control/control-usb-devices-using-intune.md b/windows/security/threat-protection/device-control/control-usb-devices-using-intune.md index 0d57c41eee..1bbe22465b 100644 --- a/windows/security/threat-protection/device-control/control-usb-devices-using-intune.md +++ b/windows/security/threat-protection/device-control/control-usb-devices-using-intune.md @@ -15,18 +15,7 @@ ms.date: 11/27/2018 **Applies to:** [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf) - -You can configure Intune settings to reduce threats from removable storage such as USB devices, including: - -- [Block prohibited removeable storage] -- [Protect authorized removable storage] - -> [!NOTE] -> These threat reduction measures help prevent malware from coming into your environment. To protect enterprise data from leaving your environment, you can also configure data loss prevention measures. For example, on Windows 10 devices you can configure [BitLocker](https://docs.microsoft.com/windows/security/information-protection/bitlocker/bitlocker-overview) and [Windows Information Protection](https://docs.microsoft.com/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure), which will encrypt company data even if it is stored on a personal device, or use the [Storage/RemovableDiskDenyWriteAccess CSP](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-storage#storage-removablediskdenywriteaccess) to deny write access to removeable disks. - -## Controlling device installation and usage - -The following table describes different sceanrios for controlling device installation and usage. +Intune can help reduce threats from removable storage such as USB devices. The following table describes different sceanrios for controlling installation and usage of removeable storage and other devices. | Control | Description | |----------|-------------| @@ -34,6 +23,8 @@ The following table describes different sceanrios for controlling device install | [Protect authorized removeable storage devices](#protect-authorized-removable-storage) | Identify and block malicious files on authorized removeable storage devices. | | [Block or allow specific devices](#block-or-allow-specific-device-ids-and-setup-classes) | Users can install most devices but not a list of prohibited devices. | +> [!NOTE] +> These threat reduction measures help prevent malware from coming into your environment. To protect enterprise data from leaving your environment, you can also configure data loss prevention measures. For example, on Windows 10 devices you can configure [BitLocker](https://docs.microsoft.com/windows/security/information-protection/bitlocker/bitlocker-overview) and [Windows Information Protection](https://docs.microsoft.com/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure), which will encrypt company data even if it is stored on a personal device, or use the [Storage/RemovableDiskDenyWriteAccess CSP](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-storage#storage-removablediskdenywriteaccess) to deny write access to removeable disks. ## Block prohibited removeable storage