Security News > 2021 > August > Windows admins now can block external devices via layered Group Policy
Microsoft has added support for layered Group Policies, which allow IT admins to control what internal or external devices users can be installed on corporate endpoints across their organization's network.
Using these identifiers, an admin can create an 'allow list' of allowed devices that will block all other devices from being installed.
The new apply layered Group Policy feature provides more granular control over what devices are blocked from installation using a set of device identifiers such as instance IDs, hardware IDs, setup class, and removable device property.
Flexibility: the new policy introduces hierarchical layering using the Device instance IDs > Device IDs > Device setup class > Removable devices order, which overrides conflicting prevent and allow policy settings.
If you want to apply right now in your environment, the path to the new Group Policy is Computer Configuration > Administrative Templates > System > Device Installation > Device Installation Restrictions > 'Apply layered order of evaluation for Allow and Prevent device installation policies across all device match criteria'.
Additional information on the "Apply layered order of evaluation for Allow and Prevent device installation policies across all device match criteria" policy setting is available on the Microsoft 365 docs website.