Detect devices without blocking them
If you use role-based administration:
- You must have the Policy setting - device control right to edit a device control policy.
- You cannot edit a policy if it is applied outside your active sub-estate.
For more information, see Managing roles and sub-estates.
You can detect devices without blocking them. This is useful if you intend to block devices in future, but want to detect and exempt the devices you need first.
To detect devices without blocking them, enable device control scanning in a device control policy and turn on the detection-only mode. Change the status of the devices you want to detect to “Blocked.” This will generate events for devices used on endpoint computers when the policy would have been infringed, but the devices will not be blocked.
For information about viewing device control events, see About device control events.
To detect devices without blocking them: