In the Policies pane, double-click Device control. Then double-click the policy you want to change.
In the Device control policy dialog box, on the Configuration tab, under Storage, select the type of storage device you want to control.
Click in the Status column next to the device type, and then click the drop-down arrow that appears. Select the type of access that you want to allow.
By default, devices have full access. For removable storage devices, optical disk drives and floppy disk drives, you can change that to “Blocked” or “Read only.” For secure removable storage devices, you can change that to “Blocked.”
Under Network, select the type of network device you want to block.
Click in the Status column next to the type of network device, and then click the drop-down arrow that appears.
Select “Blocked” if you want to block the device type.
Select “Block bridged” if you want to prevent network bridging between a corporate network and a non-corporate network. The device type will be blocked when an endpoint is connected to a physical network (typically through an Ethernet connection). Once the endpoint is disconnected from the physical network, the device type will be re-enabled.
Under Short Range, select the type of short-range device you want to block. In the Status column next to the device type, select “Blocked.”
Click OK.
To block media devices that connect to a computer using Media Transfer Protocol (MTP)
or Picture Transfer Protocol (PTP), such as mobile phones, tablets, digital cameras or
media players, under Media, select MTP/PTP.
In the Status column, select “Blocked.”