Microsoft has introduced several new removable storage management features in Defender for Endpoint (MDE). The latest release makes it easier for organizations to protect removable storage devices on Windows PCs.
More specifically, Microsoft Defender for Endpoint helps IT admins to control how employees read, write, and execute specific files on removable storage. For instance, it’s possible to enable settings to block files with extensions such as EXE, CMD, BAT, INK, BIN, COM, CPL, and CHM.
Microsoft has also added support for AD Object and Azure AD Object Id in Defender for Endpoint. It enables customers to only allow specific end users to interact with certain removable storage devices on authorized machines. Moreover, IT admins can now configure a policy to keep track of all files moved to a removable storage device.
Over the last few months, Microsoft has also made some improvements to the removable storage access control investigation experience in Defender for Endpoint. Users will see a new removable storage access control event on the machine timeline page available under Microsoft 365 security portal >> Devices >> Device page >> Timeline.
Additionally, the Advanced Hunting Device Control reports can now document the file path and name triggered by a file-level policy. Microsoft has also reduced the time required to update the Device Control report with data and visualizations.
Lastly, Microsoft released a new feature that helps customers to improve security across remote devices. “They can enforce stricter policies on machines that are not connected to the corporate network by creating different Device control policies based on a machine’s network location using the ‘Network’ and ‘VPNConnection’ group types that were recently created control these policies,” Microsoft explained.
Microsoft notes that these features are available in public preview for Microsoft Defender for Endpoint customers. Earlier this month, the company announced the general availability of mobile network protection in Microsoft Defender for Endpoint. We invite you to check out our previous post for more details.