Detect devices without blocking them

If you use role-based administration:

  • You must have the Policy setting - device control right to edit a device control policy.
  • You cannot edit a policy if it is applied outside your active sub-estate.

For more information, see Managing roles and sub-estates.

You can detect devices without blocking them. This is useful if you intend to block devices in future, but want to detect and exempt the devices you need first.

To detect devices without blocking them, enable device control scanning in a device control policy and turn on the detection-only mode. Change the status of the devices you want to detect to “Blocked.” This will generate events for devices used on endpoint computers when the policy would have been infringed, but the devices will not be blocked.

For information about viewing device control events, see About device control events.

To detect devices without blocking them:

  1. Check which device control policy is used by the group(s) of computers you want to configure.

    See Check which policies a group uses.

  2. In the Policies pane, double-click Device control. Then double-click the policy you want to change.
  3. In the Device control policy dialog box, on the Configuration tab, select Enable device control scanning.
  4. Select Detect but do not block devices.
  5. If you haven’t done so already, change the status of devices you want to detect to “Blocked.” (For details, see Select device types to control.)
    1. Click OK.