IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

Microsoft launches new layered group policy feature

Layered feature makes it easier to selectively block USB devices in Windows

Microsoft has introduced a Windows 10 and 11 feature that allows administrators to select which devices connect to endpoints. The layered Group Policy feature will make it easier for organizations to block specific types of USB devices using combined whitelisting and blacklisting. 

This feature governs any device, whether internal or external, including USB drives. Administrators can define an allow list, which specifies whitelisted and blacklisted devices by their device identifiers. Windows systems categorize devices by class, device ID, and instance ID. 

In the past, Microsoft used a simple combination of an allow policy and a prevent policy, with the latter taking precedence over the former. This rigid approach made it harder to update permissions when new devices entered the market, Microsoft said. 

The new layering feature uses a hierarchical list of these identifiers that it examines in order, with higher identifiers taking precedence. This makes it easier to ban all devices of a particular class while making specific exceptions for devices in that class with certain hardware IDs. 

The hierarchical layers allow admins to be as exclusive as they wish when defining which devices can connect to Windows endpoints. For example, locking out all USB devices other than those provided by their company. They could also block all USB devices from being installed while allowing all other devices to connect to a Windows endpoint. 

Related Resource

How to increase cyber resilience within your organisation

Cyber resilience for dummies

Cyber resilience for dummies - How to improve cyber resilience within your organisation - whitepaper from MimecastDownload now

"With this new policy, you don’t need to know different device classes to prevent USB classes only from being installed," said Microsoft in a blog post announcing the feature. "The new policy allows you to focus scripts on USB classes and be confident that no other class is going to be blocked unless specified by the IT admin." 

More effective device blocking could prevent the spread of malware via malicious USB devices. It could also make it more difficult for people to copy data from work computers that could later be lost, causing compliance problems

Layered Group Policy capabilities are available as part of the optional "C" client release, which is the company's non-security preview release. It will become more widely available on August 10 with the August 2021 Update Tuesday release. Windows 11 will also support the feature, Microsoft said. 

Featured Resources

Accelerating AI modernisation with data infrastructure

Generate business value from your AI initiatives

Free Download

Recommendations for managing AI risks

Integrate your external AI tool findings into your broader security programs

Free Download

Modernise your legacy databases in the cloud

An introduction to cloud databases

Free Download

Powering through to innovation

IT agility drive digital transformation

Free Download

Recommended

Command Prompt Windows 10: What is it and how does it work?
Microsoft Windows

Command Prompt Windows 10: What is it and how does it work?

1 Jul 2022
Windows vs Linux: what's the best operating system?
operating systems

Windows vs Linux: what's the best operating system?

22 Jun 2022
Microsoft reportedly blocks Russian Windows 10 and Windows 11 downloads
Microsoft Windows

Microsoft reportedly blocks Russian Windows 10 and Windows 11 downloads

20 Jun 2022
IT Pro News in Review: UK tech raises $16bn, Microsoft acquires Miburo, largest DDoS attack mitigated
Business strategy

IT Pro News in Review: UK tech raises $16bn, Microsoft acquires Miburo, largest DDoS attack mitigated

17 Jun 2022

Most Popular

Actively exploited server backdoor remains undetected in most organisations' networks
cyber attacks

Actively exploited server backdoor remains undetected in most organisations' networks

1 Jul 2022
Macmillan Publishers hit by apparent cyber attack as systems are forced offline
Security

Macmillan Publishers hit by apparent cyber attack as systems are forced offline

30 Jun 2022
Former Uber security chief to face fraud charges over hack coverup
data breaches

Former Uber security chief to face fraud charges over hack coverup

29 Jun 2022