14 DAY TRIAL // Microsoft has announced a welcome new update for Microsoft Defender for Endpoint on Mac, and this time, customers are provided with extra controls for USB devices.
Available in public preview, the new feature allows IT admins to control the level of access given to external USB storage devices, including SD cards, with custom policies allowing them to configure read, write, execute, and no access rights.
The new feature supports Product ID, Vendor ID, and Serial Number rules.
“The USB device control policy is hierarchical. At the top of the hierarchy are vendors. For each vendor, there are products. Finally, for each product there are serial numbers denoting specific USB devices. The policy is evaluated from the most specific entry to the most general one. When a USB device does not match any of the nested entries, the access level for this device defaults to the top-level permission,” Microsoft explains.
Needless to say, this is quite a major update from a security perspective, especially as malicious files continue to spread via USB.
Already available in preview
And given restricting access to USB devices is the best way to prevent malware from reaching critical data Microsoft Endpoint for Mac makes it possible to block certain devices, all using a fully customized URL where the user is redirected to be informed of the enforced limitation.
“Preventing threats and securing your organization takes a multi-layered approach. Many users will plug in USB removable storage devices without considering their potential security risk. Enabling removable device control policies reduces the attack surface on user’s machines and protects organizations against malware and data loss in these scenarios,” the company says.
Customers who want to try out the new USB controls need to enable preview features in the Microsoft Defender Security Center. No ETA is available as to when the feature could go live for everyone.