Actions
Bug #12685
open
New Feature #10636: Windows USB device management
Allowed / denied list of USB devices are not sent in the SyncML payload
Start date:
18/04/2025
Due date:
25/04/2025 (14 days late)
% Done:
100%
Estimated time:
Device Type:
Windows
Component:
Type:
Windows
Description
Environment details
6.4.0
Prerequisites
Enrolled Windows device
- Create a Device Installation policy > Device Installation Restrictions > Prevent installation of devices that match any of these device IDs
- Add a USB hardware ID (Refer [1] to get the hardware ID) to the deny list and tick Retroactive option
- Publish the policy and check if the restriction is applied by inspecting the SyncML payload received on the device or the registry key
Description
When allowing / preventing USB devices the device does not receive the list of inputs added from the policy UI.
A diff of the expected [2] and the actual payload can be viewed here [3]
Result
USB device is not blocked by the policy
[1] - https://techcommunity.microsoft.com/blog/coreinfrastructureandsecurityblog/manage-usb-devices-on-windows-hosts/1691477
[2] - https://learn.microsoft.com/en-us/windows/client-management/mdm/policy-csp-deviceinstallation#preventinstallationofmatchingdeviceids
[3] - https://www.diffchecker.com/fhMymE5M/
Updated by 
Updated by
Actions