Windows 10 update might spoil your fun, but for good reason

Windows 10 will soon let you choose which USB devices to block and allow

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

Microsoftis preparing an update forWindows 10(and by extensionWindows 11) that will go some way to preventing physical security attacks and the mishandling of data.

Soon, IT administrators will be able to make use of the new “layered Group Policy feature” to specify which types of USB devices are allowed to interact withWindows 10machines provisioned for employees.

“Every device has a set of ‘identifiers’ that are understood by the system (class, device ID and instance ID),” Microsoft explained in ablog post. “The allow list, which is written by the system admin, contains sets of identifiers that represent different devices - this way a system understands which device is allowed and which is blocked.”

The new feature is already available to businesses that have taken up the optional July 2021 Windows 10 C client release, but will become more widely available with tomorrow’s Patch Tuesday update. A release for Windows Server will apparently “follow thereafter”.

Windows 10 USB devices

There are a number of reasons IT administrators might want to limit the access granted to USB devices hooked up to corporate devices.

Firstly, the use of removable storage - such asUSB flash drivesandportable SSDs- makes it far more difficult for companies to see how employees are using files and data and who they might be sharing them with.

Although the goal of employees in this scenario is likely to make their life easier from a productivity standpoint, the transport of files away from managed devices poses a distinct security risk and could also make investigating a breach all the more difficult.

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

Another factor is the possibility of physical security attacks (or kinetic attacks), whereby a hacker breaks into a device in-person. Although much more rare than regular cyberattacks, physical attacks still represent an avenue through which someone might gain unauthorized access to company data and other assets.

By blocking USB storage, businesses can limit the scope for one such device to be used by a third-party to upload or download information without permission.

According to Microsoft,  the new layered Group Policies system offers a dramatic improvement over previous measures, introducing an important element of flexibility and granularity.

The groundwork put in by Microsoft today will also contribute towards makingWindows 11the company’s most secureoperating systemto date when it goes live later this year.

Joel Khalili is the News and Features Editor at TechRadar Pro, covering cybersecurity, data privacy, cloud, AI, blockchain, internet infrastructure, 5G, data storage and computing. He’s responsible for curating our news content, as well as commissioning and producing features on the technologies that are transforming the way the world does business.

Adobe’s decision to eliminate perpetual licensing for its Elements software has stirred controversy among consumers

VIPRE Security Group says its new endpoint protection tools can stamp out even the latest cybersecurity threats

Huge Black Friday Samsung sale: save up to $1,900 on QLED, OLED TVs, and more