Microsoft has added new controls to help businesses secure their removable storage devices and printers to address the increased security concerns brought on by the increase of remote working.
The company reasons that the work-from-anywhere environment has widened the attack surface area, which has led it to expand the scope of the enterprise version of its Windows 10 Defender protection product.
“We are excited to announce new device control capabilities in Microsoft Defender for Endpoint to secure removable storage scenarios on Windows and macOS platforms and offer an additional layer of protection for printing scenarios,” wrote Tewang Chen, a Technical Program Manager at Microsoft.
The new capabilities are designed to allow administrators to exercise access restrictions on removable devices and reign in printing tasks on non-corporate or non-approved printers.
Wider net
In the post Chen adds that the new printer protection feature allows admins to block users from printing to a non-corporate network printer or non-approved USB printer.
Furthermore, the new removable storage access control capabilities added to the Windows version of the security platform complement the existing device control protections for tasks such as installing a new device, removing BitLocker storage, and others.
With the new removable storage access control, admins will be able to audio, allow, or prevent the read, write, or execute permissions to removable storage based on various device properties, such as Vendor ID and serial number.
Furthermore, the platform now offers removable storage protection on Mac as well. This adds to the endpoint platform growing capabilities on Mac. Notably, last month Microsoft added support for detecting jailbroken iOS devices to the product.
Chen added that while removable storage access control on Windows and removable storage protection on Mac are generally available, printer protection on Windows is currently available as a public preview.