Microsoft launches new layered group policy feature

Layered feature makes it easier to selectively block USB devices in Windows

Microsoft has introduced a Windows 10 and 11 feature that allows administrators to select which devices connect to endpoints. The layered Group Policy feature will make it easier for organizations to block specific types of USB devices using combined whitelisting and blacklisting. 

This feature governs any device, whether internal or external, including USB drives. Administrators can define an allow list, which specifies whitelisted and blacklisted devices by their device identifiers. Windows systems categorize devices by class, device ID, and instance ID. 

In the past, Microsoft used a simple combination of an allow policy and a prevent policy, with the latter taking precedence over the former. This rigid approach made it harder to update permissions when new devices entered the market, Microsoft said. 

The new layering feature uses a hierarchical list of these identifiers that it examines in order, with higher identifiers taking precedence. This makes it easier to ban all devices of a particular class while making specific exceptions for devices in that class with certain hardware IDs. 

The hierarchical layers allow admins to be as exclusive as they wish when defining which devices can connect to Windows endpoints. For example, locking out all USB devices other than those provided by their company. They could also block all USB devices from being installed while allowing all other devices to connect to a Windows endpoint. 

Related Resource

How to increase cyber resilience within your organisation

Cyber resilience for dummies

Cyber resilience for dummies - How to improve cyber resilience within your organisation - whitepaper from MimecastDownload now

"With this new policy, you don’t need to know different device classes to prevent USB classes only from being installed," said Microsoft in a blog post announcing the feature. "The new policy allows you to focus scripts on USB classes and be confident that no other class is going to be blocked unless specified by the IT admin." 

More effective device blocking could prevent the spread of malware via malicious USB devices. It could also make it more difficult for people to copy data from work computers that could later be lost, causing compliance problems

Layered Group Policy capabilities are available as part of the optional "C" client release, which is the company's non-security preview release. It will become more widely available on August 10 with the August 2021 Update Tuesday release. Windows 11 will also support the feature, Microsoft said. 

Featured Resources

Modern governance: The how-to guide

Equipping organisations with the right tools for business resilience

Free Download

Cloud operational excellence

Everything you need to know about optimising your cloud operations

Watch now

A buyer’s guide to board management software

How the right software can improve your board’s performance

The real world business value of Oracle autonomous data warehouse

Lead with a 417% five-year ROI

Download now

Recommended

Fedex teams with Microsoft for cross-platform logistics solution
digital transformation

Fedex teams with Microsoft for cross-platform logistics solution

25 Jan 2022
Microsoft tells IT admins to turn off legacy group policies to improve Windows performance
Microsoft Windows

Microsoft tells IT admins to turn off legacy group policies to improve Windows performance

21 Jan 2022
Microsoft buys game developer Activision Blizzard for $68.7 billion
mergers and acquisitions

Microsoft buys game developer Activision Blizzard for $68.7 billion

18 Jan 2022
Best laptops 2022: Acer, Asus, Dell and more
Laptops

Best laptops 2022: Acer, Asus, Dell and more

18 Jan 2022

Most Popular

How to boot Windows 11 in Safe Mode
Microsoft Windows

How to boot Windows 11 in Safe Mode

6 Jan 2022
Sony pulls out of MWC 2022
Business operations

Sony pulls out of MWC 2022

14 Jan 2022
Dell XPS 15 (2021) review: The best just got better
Laptops

Dell XPS 15 (2021) review: The best just got better

14 Jan 2022