Due to the ongoing pandemic, an ad hoc work culture has been widely adopted. The use of devices such as unmanaged printers and removable devices tends to extend the attack surface. To mitigate this risk and improve security posture, Microsoft has added new removable storage device and printer controls to Microsoft Defender for Endpoint, the enterprise version of its Windows 10 Defender antivirus.
These new capabilities available in the enterprise endpoint security platform will allow access restrictions to removable devices and block print jobs through non-corporate or unapproved printers.
We are pleased to announce new device control capabilities in Microsoft Defender for Endpoint to secure removable storage scenarios on Windows and macOS platforms and provide an additional layer of protection for print scenarios.
Access control to removable storage on Windows and removable storage protection on Mac are generally available, and printer protection on Windows is now available in public preview. New removable storage access control capabilities added to the Windows release complement existing device control protection for scenarios such as Endpoint DLP removable storage, device installation, and BitLocker removable storage.
The USB storage device control added to the Mac version of Microsoft Defender for Endpoint is designed to balance the level of access granted to external storage devices using custom policies.
Earlier, Microsoft Defender for Endpoint also added support for detecting jailbroken iOS devices and Mobile App Management (MAM) support for Android and iOS devices not enrolled in Intune. By jailbreaking their iOS devices, users gain full write and execute access by raising their permissions to root, thus removing all restrictions imposed by Apple on installing apps. With no restrictions in place, they can later install potentially malicious applications, and by bypassing critical security updates to maintain their root access, they will also expose themselves to attack.