Microsoft Defender for Endpoint Gets New Removable Storage Management Capabilities


Microsoft has introduced several new removable storage management features in Defender for Endpoint (MDE). The latest release makes it easier for organizations to control what users can do with removable storage devices on Windows PCs.

More specifically, Defender for Endpoint lets IT admins control whether employees can read, write, or execute specific file types on removable storage. For instance, a policy can block files with extensions such as EXE, CMD, BAT, LNK, BIN, COM, CPL, and CHM.

Microsoft has also added support for Active Directory objects and Azure AD object IDs in Defender for Endpoint device control. This lets customers allow only specific end users to interact with specific removable storage devices, and only on authorized machines. In addition, IT admins can now configure an audit policy that records every file copied to a removable storage device.

[Screenshot: file information for a removable storage event]

Over the last few months, Microsoft has also improved the investigation experience for removable storage access control in Defender for Endpoint. A new removable storage access control event now appears on the device timeline page, found in the Microsoft 365 security portal under Devices >> Device page >> Timeline.

Additionally, the Advanced Hunting Device Control reports now record the path and name of the file that triggered a file-level policy. Microsoft has also reduced the time it takes for the Device Control report to populate with data and visualizations.

[Screenshot: machine timeline page]

Microsoft Defender for Endpoint now supports network location as a condition

Lastly, Microsoft released a new feature that helps customers improve security on remote devices. “They can enforce stricter policies on machines that are not connected to the corporate network by creating different Device control policies based on a machine’s network location using the ‘Network’ and ‘VPNConnection’ group types that were recently created to control these policies,” Microsoft explained.
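Here is how the pieces described in this article fit together in a single Device Control policy: an extension-based execute block, read/write scoped to one Azure AD user on one Azure AD device, an audit of file writes, and a Network group used as a condition. This is an added illustration written for this article, not Microsoft's own sample. Element names follow the Device Control groups/rules XML schema; every GUID, the object IDs, the group names, the AccessMask values as annotated, and the assumption that entries within a rule are evaluated top to bottom are placeholders or assumptions to check against your own deployment.

```xml
<!-- Groups file: deployed as the Device Control groups setting (Intune or GPO) -->
<Groups>
  <!-- Any removable storage device -->
  <Group Id="{11111111-1111-1111-1111-111111111111}" Type="Device">
    <Name>Removable storage</Name>
    <MatchType>MatchAny</MatchType>
    <DescriptorIdList>
      <PrimaryId>RemovableMediaDevices</PrimaryId>
    </DescriptorIdList>
  </Group>
  <!-- File group: the extensions listed in the article (LNK, not INK) -->
  <Group Id="{22222222-2222-2222-2222-222222222222}" Type="File">
    <Name>Executable file types</Name>
    <MatchType>MatchAny</MatchType>
    <DescriptorIdList>
      <PathId>*.exe</PathId>
      <PathId>*.cmd</PathId>
      <PathId>*.bat</PathId>
      <PathId>*.lnk</PathId>
      <PathId>*.bin</PathId>
      <PathId>*.com</PathId>
      <PathId>*.cpl</PathId>
      <PathId>*.chm</PathId>
    </DescriptorIdList>
  </Group>
  <!-- Network group: the active network is Public or Private, i.e. not a
       domain-authenticated corporate network -->
  <Group Id="{33333333-3333-3333-3333-333333333333}" Type="Network">
    <Name>Off corporate network</Name>
    <MatchType>MatchAny</MatchType>
    <DescriptorIdList>
      <NetworkCategoryId>Public</NetworkCategoryId>
      <NetworkCategoryId>Private</NetworkCategoryId>
    </DescriptorIdList>
  </Group>
</Groups>

<!-- Rules file: deployed as the Device Control rules setting -->
<PolicyRules>
  <PolicyRule Id="{55555555-5555-5555-5555-555555555555}">
    <Name>Removable storage controls</Name>
    <IncludedIdList>
      <GroupId>{11111111-1111-1111-1111-111111111111}</GroupId>
    </IncludedIdList>
    <ExcludedIdList></ExcludedIdList>
    <!-- AccessMask bits (as annotated here): 1 disk read, 2 disk write,
         4 disk execute, 8 file read, 16 file write, 32 file execute -->
    <!-- 1. Nobody may run the listed file types from removable media -->
    <Entry Id="{a1a1a1a1-0000-0000-0000-000000000001}">
      <Type>Deny</Type>
      <Options>0</Options>
      <AccessMask>32</AccessMask>
      <Parameters MatchType="MatchAll">
        <File MatchType="MatchAny">
          <GroupId>{22222222-2222-2222-2222-222222222222}</GroupId>
        </File>
      </Parameters>
    </Entry>
    <!-- 2. No disk or file writes while the machine is off the corporate
         network (the Network group above is the condition) -->
    <Entry Id="{a1a1a1a1-0000-0000-0000-000000000002}">
      <Type>Deny</Type>
      <Options>0</Options>
      <AccessMask>18</AccessMask>
      <Parameters MatchType="MatchAll">
        <Network MatchType="MatchAny">
          <GroupId>{33333333-3333-3333-3333-333333333333}</GroupId>
        </Network>
      </Parameters>
    </Entry>
    <!-- 3. Only this Azure AD user, on this Azure AD device, gets read/write.
         Both values are placeholder object IDs. Kept above the catch-all
         Deny in 4 on the assumption that entries are evaluated top to bottom -->
    <Entry Id="{a1a1a1a1-0000-0000-0000-000000000003}">
      <Type>Allow</Type>
      <Sid>00000000-0000-0000-0000-00000000aaaa</Sid>
      <ComputerSid>00000000-0000-0000-0000-00000000bbbb</ComputerSid>
      <Options>0</Options>
      <AccessMask>27</AccessMask>
    </Entry>
    <!-- 4. Everyone else: no read or write -->
    <Entry Id="{a1a1a1a1-0000-0000-0000-000000000004}">
      <Type>Deny</Type>
      <Options>0</Options>
      <AccessMask>27</AccessMask>
    </Entry>
    <!-- 5. Audit every allowed file write; Options 2 sends the event to
         Advanced Hunting, which is where the file path and name appear -->
    <Entry Id="{a1a1a1a1-0000-0000-0000-000000000005}">
      <Type>AuditAllowed</Type>
      <Options>2</Options>
      <AccessMask>16</AccessMask>
    </Entry>
  </PolicyRule>
</PolicyRules>
```

A `VPNConnection` group (matching, for example, a VPN profile name and its connection status) slots into `<Parameters>` the same way the `Network` group does in entry 2, so the off-network deny can also be lifted while the corporate VPN is up. The two fragments are separate policy files in a real deployment; they are shown together here only so the `GroupId` references can be followed.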

Microsoft notes that these features are available in public preview for Microsoft Defender for Endpoint customers. Earlier this month, the company announced the general availability of mobile network protection in Microsoft Defender for Endpoint. We invite you to check out our previous post for more details.