Removable storage device management

Administrators can control access to any removable storage devices that can be plugged into a USB port by:

  • Removing read/writer access. This prevents any access and is the most restrictive configuration.
  • Removing write-only access. This allows limited access, but prevents unauthorized removal of data or the ability to add viruses, etc. to the device.
  • Allowing complete access to limited devices. This lets administrators create a whitelist of devices, permitting users total access to only the removable storage device on the list.

Restricting access to removable storage devices

NOTE: This feature requires MobileIron Bridge. See Setting up MobileIron Bridge for details.

Procedure 

  1. Log into the Admin Portal.
  2. Go to Policies & Configs > Configurations.
  3. Click Add New > Windows > MobileIron Bridge.
  4. Select Device Management to open the Device Management Settings page.

  5. Enter a name for the configuration.

    A description is optional.

  6. Go to the USB section and click one or both of the following options:
    • Restrict Access to Removable Storage Devices: to restrict all access (no read/write).
    • Restrict Write Access to Removable Storage Devices: to provide limited access (read-only).
  7. Click Save.
  8. Select the new configuration in the Configurations table.

  9. Click Actions > Apply to Label > Windows.

    This configurations will only apply to Windows 10 Desktop devices.

  10. Click Apply.

Creating a whitelist for removable storage devices

NOTE: This feature requires MobileIron Bridge. See Setting up MobileIron Bridge for details.

Before you begin 

If you want to create a whitelist of permitted USB devices, complete the following steps first:

  1. Attach the USB storage devices you want to allow to a personal computer.
  2. Open Device Manager and click on the USB controller.
  3. Look at the settings for each controller for device information.
  4. Store the device information to use when creating your whitelist.

Procedure 

  1. Log into the Admin Portal.
  2. Go to Policies & Configs > Configurations.
  3. Click Add New > Windows > MobileIron Bridge.
  4. Select Device Management to open the Device Management Settings page.

  5. Enter a name for the configuration.

    A description is optional.

  6. Go to the USB section and click Add+.
  7. Enter the device ID for one or more of the devices you want to add to the whitelist.
  8. Click Save.
  9. Select the new configuration in the Configurations table.

  10. Click Actions > Apply to Label > Windows.

    This configurations will only apply to Windows 10 Desktop devices.

  11. Click Apply.