diff --git a/windows/client-management/mdm/policy-configuration-service-provider.md b/windows/client-management/mdm/policy-configuration-service-provider.md
index c8364e901f..8d6ce9a101 100644
--- a/windows/client-management/mdm/policy-configuration-service-provider.md
+++ b/windows/client-management/mdm/policy-configuration-service-provider.md
@@ -8551,6 +8551,18 @@ dfsdiscoverdc">ADMX_DFS/DFSDiscoverDC
Storage/RemovableDiskDenyWriteAccess
+
+ Storage/WPDDevicesDenyReadAccessPerDevice
+
+
+ Storage/WPDDevicesDenyReadAccessPerUser
+
+
+ Storage/WPDDevicesDenyWriteAccessPerDevice
+
+
+ Storage/WPDDevicesDenyWriteAccessPerUser
+
### System policies
diff --git a/windows/client-management/mdm/policy-csp-storage.md b/windows/client-management/mdm/policy-csp-storage.md
index edbab49c18..64815bafdc 100644
--- a/windows/client-management/mdm/policy-csp-storage.md
+++ b/windows/client-management/mdm/policy-csp-storage.md
@@ -48,6 +48,18 @@ manager: dansimp
Storage/RemovableDiskDenyWriteAccess
+
+ Storage/WPDDevicesDenyReadAccessPerDevice
+
+
+ Storage/WPDDevicesDenyReadAccessPerUser
+
+
+ Storage/WPDDevicesDenyWriteAccessPerDevice
+
+
+ Storage/WPDDevicesDenyWriteAccessPerUser
+
@@ -566,5 +578,252 @@ See [Use custom settings for Windows 10 devices in Intune](/intune/custom-settin
+
+**Storage/WPDDevicesDenyReadAccessPerDevice**
+
+
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
+
+
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
+
+
+
+This policy will do the enforcement over the following protocols which are used by most portable devices, e.g. mobile/IOS/Android:
+
+- Picture Transfer Protocol (PTP) over USB, IP, and Bluetooth
+- Media Transfer Protocol (MTP) over USB, IP, and Bluetooth
+- Mass Storage Class (MSC) over USB
+
+To enable this policy, the minimum OS requirement is Windows 10, version 1809 and [KB5003217 (OS Build 17763.1971)](https://support.microsoft.com/en-us/topic/may-20-2021-kb5003217-os-build-17763-1971-preview-08687c95-0740-421b-a205-54aa2c716b46).
+
+If enabled, this policy will block end-user from Read access on any Windows Portal devices, e.g. mobile/iOS/Android.
+
+>[!NOTE]
+> WPD policy is not a reliable policy for removable storage - admin can not use WPD policy to block removable storage, e.g. if an end-user is using an USB thumb drive under a WPD policy, the policy may block PTP/MTP/etc, but end-user can still browser the USB via explorer.
+
+Supported values for this policy are:
+- Not configured
+- Enabled
+- Disabled
+
+
+
+ADMX Info:
+- GP Friendly name: *WPD Devices: Deny read access*
+- GP name: *WPDDevices_DenyRead_Access_2*
+- GP path: *System/Removable Storage Access*
+- GP ADMX file name: *RemovableStorage.admx*
+
+
+
+
+
+
+
+
+
+
+
+
+**Storage/WPDDevicesDenyReadAccessPerUser**
+
+
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
+
+
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * User
+
+
+
+
+
+This policy will do the enforcement over the following protocols which are used by most portable devices, e.g. mobile/IOS/Android:
+
+- Picture Transfer Protocol (PTP) over USB, IP, and Bluetooth
+- Media Transfer Protocol (MTP) over USB, IP, and Bluetooth
+- Mass Storage Class (MSC) over USB
+
+To enable this policy, the minimum OS requirement is Windows 10, version 1809 and [KB5003217 (OS Build 17763.1971)](https://support.microsoft.com/en-us/topic/may-20-2021-kb5003217-os-build-17763-1971-preview-08687c95-0740-421b-a205-54aa2c716b46).
+
+If enabled, this policy will block end-user from Read access on any Windows Portal devices, e.g. mobile/iOS/Android.
+
+>[!NOTE]
+> WPD policy is not a reliable policy for removable storage - admin can not use WPD policy to block removable storage, e.g. if an end-user is using an USB thumb drive under a WPD policy, the policy may block PTP/MTP/etc, but end-user can still browser the USB via explorer.
+
+Supported values for this policy are:
+- Not configured
+- Enabled
+- Disabled
+
+
+
+ADMX Info:
+- GP Friendly name: *WPD Devices: Deny read access*
+- GP name: *WPDDevices_DenyRead_Access_1*
+- GP path: *System/Removable Storage Access*
+- GP ADMX file name: *RemovableStorage.admx*
+
+
+
+
+
+
+
+
+
+
+
+
+**Storage/WPDDevicesDenyWriteAccessPerDevice**
+
+
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
+
+
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
+
+
+
+This policy will do the enforcement over the following protocols which are used by most portable devices, e.g. mobile/IOS/Android:
+
+- Picture Transfer Protocol (PTP) over USB, IP, and Bluetooth
+- Media Transfer Protocol (MTP) over USB, IP, and Bluetooth
+- Mass Storage Class (MSC) over USB
+
+To enable this policy, the minimum OS requirement is Windows 10, version 1809 and [KB5003217 (OS Build 17763.1971)](https://support.microsoft.com/en-us/topic/may-20-2021-kb5003217-os-build-17763-1971-preview-08687c95-0740-421b-a205-54aa2c716b46).
+
+If enabled, this will block end-user from Write access on any Windows Portal devices, e.g. mobile/iOS/Android.
+
+>[!NOTE]
+> WPD policy is not a reliable policy for removable storage - admin can not use WPD policy to block removable storage, e.g. if an end-user is using an USB thumb drive under a WPD policy, the policy may block PTP/MTP/etc, but end-user can still browser the USB via explorer.
+
+Supported values for this policy are:
+- Not configured
+- Enabled
+- Disabled
+
+
+
+ADMX Info:
+- GP Friendly name: *WPD Devices: Deny write access*
+- GP name: *WPDDevices_DenyWrite_Access_2*
+- GP path: *System/Removable Storage Access*
+- GP ADMX file name: *RemovableStorage.admx*
+
+
+
+
+
+
+
+
+
+
+
+
+**Storage/WPDDevicesDenyWriteAccessPerUser**
+
+
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
+
+
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * User
+
+
+
+
+
+This policy will do the enforcement over the following protocols which are used by most portable devices, e.g. mobile/IOS/Android:
+
+- Picture Transfer Protocol (PTP) over USB, IP, and Bluetooth
+- Media Transfer Protocol (MTP) over USB, IP, and Bluetooth
+- Mass Storage Class (MSC) over USB
+
+To enable this policy, the minimum OS requirement is Windows 10, version 1809 and [KB5003217 (OS Build 17763.1971)](https://support.microsoft.com/en-us/topic/may-20-2021-kb5003217-os-build-17763-1971-preview-08687c95-0740-421b-a205-54aa2c716b46).
+
+If enabled, this will block end-user from Write access on any Windows Portal devices, e.g. mobile/iOS/Android.
+
+>[!NOTE]
+> WPD policy is not a reliable policy for removable storage - admin can not use WPD policy to block removable storage, e.g. if an end-user is using an USB thumb drive under a WPD policy, the policy may block PTP/MTP/etc, but end-user can still browser the USB via explorer.
+
+Supported values for this policy are:
+- Not configured
+- Enabled
+- Disabled
+
+
+
+ADMX Info:
+- GP Friendly name: *WPD Devices: Deny write access*
+- GP name: *WPDDevices_DenyWrite_Access_1*
+- GP path: *System/Removable Storage Access*
+- GP ADMX file name: *RemovableStorage.admx*
+
+
+
+
+
+
+
+
+
+