Policy

Turn on device control for specific device types

Windows 11 25H2

Back to categoryOpen picker

Policy overview

Key metadata and intent for this policy.

ClassComputer
CategoryWindows Components > Microsoft Defender Antivirus > Device Control
Supported onAt least Windows Server 2016, Windows 10 Version 1607

Supported OS tags: Windows10, Windows10RT, Windows11, WindowsServer2016

This policy setting controls which device types, identified by their PrimaryIds, will have device control protection turned on. If you enable this setting for certain device types, device control will regulate access to those devices based on the corresponding custom policy. Device control will be turned off for all other types of supported devices, even if custom protection policies are configured for those devices. This setting currently supports these device types: RemovableMediaDevices, CdRomDevices, WpdDevices, and PrinterDevices. If you enable this policy setting but do not specify any PrimaryIds, device control will be turned off across all supported device types. If you disable or don’t configure this policy setting, device control will be enforced on all supported devicesbased on their corresponding custom policies.

Internal name
DeviceControl_SecuredDevicesConfiguration
Policy ID
d3466c3b930e
Elements
1

Registry values

How enabled and disabled states update the registry.

No explicit registry values are set for enabled or disabled states.

Policy elements

Inputs and configuration options exposed by this policy.

ElementTypeRegistry mappingConstraints & behavior
Turn on device control for specific device types
ID DeviceControl_SecuredDevicesConfiguration
text
HKLM\Software\Policies\Microsoft\Windows Defender\Device Control\SecuredDevicesConfiguration
Type REG_SZ
None

Other policies in this category

Explore related policies at the same level.