Process-  

Create the profile- 

  1. Sign in to the Microsoft Intune admin center. 

 

  1. Select Devices > Configuration > Create.

 

  1. Enter the following properties:

 

  • Platform: Select Windows 10 and later.
  • Profile type: Select Templates > Administrative Templates.

 

  1. Select Create.

 

  1. In Basics, enter the following properties:

 

  • Name: Enter a descriptive name for the profile. For example, enter Restrict USB devices.
  • Description: Enter a description for the profile. This setting is optional but recommended.
  • Select Next.

 

 

 

 

 

 

 

 

 

  1.  In Configuration settings, configure the following settings:
  • Prevent installation of devices not described by other policy settings: Select Enabled > OK:

 

 

 

 

  • Allow installation of devices that match any of these Device IDs: Select Enabled. Then, add the device/hardware IDs for devices you want to allow:

 

FIND DEVICE/HARDWARE ID OF ANY REMOVABLE STORAGE DEVICE-  

Example- PenDrive

  1. Find your usb in Device Manager and go to properties.

 

 

 

 

 

 

 

 

 

  1. Click on Details and in Property section choose Hardware Ids and copy all hardware id.

 

 

 

 

 

 

 

 

 

 

  1. After copying, paste all Device Ids one by one.

   

  1. Select OK.
  2. Let scope tab be default and select Next.

 

  1. In Assignments, select the device groups that will receive the profile. Select Next.

 

  1. In Review + create, review your settings. When you select Create, your changes are saved, and the profile is assigned.

 

 

 

References: 

Restrict USB devices using administrative templates in Microsoft Intune | Microsoft Learn