One policy to immediately remove access to USB and CD-ROMs & DVD devices.
Specify who can do what with a USB or CD-ROM / DVD.
Block ransomware and data exfiltration.
Enable specific users for specific USB devices and their access.
If you trust one person, like a doctor or consultant, etc. then you can grant the one person (or group) READ, READ/WRITE, FULL access to all devices.
If you have a specific USB device vendor you trust, and those devices are always encrypted, use PolicyPak Device Manager to restrict device use to THOSE vendor IDs only !
Use PolicyPak Device Manager to specify exactly which users can use which serial numbers of USB sticks and DVD devices. This way, you issue the device, and you know EXACTLY who has USB Read/ Read/Write or Full access.
Got Intune or another MDM service, and users plugging in USB sticks... walking out the door with data, or worse, introducing malware? Specify exactly WHO can use WHAT USB sticks ... so you don't have to fight fires everywhere around data and ransomware.