Configuring policies / Device control policy |
For more information, see Managing roles and sub-estates.
You can detect devices without blocking them. This is useful if you intend to block devices in future, but want to detect and exempt the devices you need first.
To detect devices without blocking them, enable device control scanning in a device control policy and turn on the detection-only mode. Change the status of the devices you want to detect to “Blocked.” This will generate events for devices used on endpoint computers when the policy would have been infringed, but the devices will not be blocked.
For information about viewing device control events, see View device control events.
To detect devices without blocking them: