• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 26
  • Last Modified:

block USB per user

hello,

we are in AD (azure) it seems that we cant setup GPO to block USB per user (only per device working).
if it not possible please recommend on any tools to execute this.

Best Regards,

Udi
0
Robert-Prodigy
Asked:
Robert-Prodigy
  • 3
  • 3
  • 2
4 Solutions
 
Adam BrownSr Solutions ArchitectCommented:
You'll have to have a third party solution to do peripheral management on a per-user basis. I don't know of many tools that provide this, but the Sophos AV advanced license has this capability.
0
 
McKnifeCommented:
I have a way for you, but I don't know if you'd like it.
First of all, it requires a server 2012 or higher domain controller (which should be given with Azure AD, but I don't use that and am not sure what management tools it offers - is it a true GPMC that you use?)
Then, the clients need to be at least windows 8.

Does that apply to you?
0
 
Adam BrownSr Solutions ArchitectCommented:
Azure AD has very very simplistic Group Policy capabilities, so there are very few full Domain GPO features that can be utilized with an Azure AD only domain. If you have an Azure VM that is a DC, you could do a lot more, but with just Azure AD Premium, you're either going to have to add on the Enterprise Mobility Suite to do what you want or get a third party application.
0
Free tool for managing users' photos in Office 365

Easily upload multiple users’ photos to Office 365. Manage them with an intuitive GUI and use handy built-in cropping and resizing options. Link photos with users based on Azure AD attributes. Free tool!

 
Robert-ProdigyAuthor Commented:
is it possible to add GPO or to extend the option or add-on to intune AD in order to excute this? is there any other way to block USB per user?

if it possible to purchase extend GPO from Intune Microsoft I think it will be the easy way to that, but any other alternative will be good, we also thought to install hybrid internal AD only for this option but  I guess it will require to purchase server CAL

Best Regards,
0
 
McKnifeCommented:
If you want me to help you, please respond to both my questions, first.
0
 
Robert-ProdigyAuthor Commented:
all our clients are win 10, the AD is Intune as SAS
0
 
McKnifeCommented:
Clients on win10 - good. And with intune, can you please check if you can use these policies that my article mentions: https://www.experts-exchange.com/articles/25879/A-new-aspect-to-securing-USB-data-SID-protectors.html

That article holds the plan.
0
 
Robert-ProdigyAuthor Commented:
checking, thx
0

Featured Post

Never miss a deadline with monday.com

The revolutionary project management tool is here!   Plan visually with a single glance and make sure your projects get done.

  • 3
  • 3
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now