Ngumride
Copper Contributor
Mar 05, 2025

Device control with Defender for Endpoint

Dear all,

 

I need some help on an issue I have been experiencing with my device control policy recently.

This policy was configured under attack surface reduction rules in Intune and has been working fine until recently.

This policy is used to block all USB ports of corporate machines by default unless they are explicitly allowed. As already mentioned, it works perfectly by blocking all USB ports and we have the option to unblock some if needed.

Now, here is the problem I am recently experiencing:

We have like twenty-five branches located in different countries, and there is only one policy in Intune in place for all the countries, including the head office. 

If I exclude a device and allow it to be used in the head office using its serial number, it works fine, but if the same USB stick is connected to a branch office computer, it is blocked again, and there is no conditional access policy configured to warrant such behavior.

 

I appreciate any help that will lead to solving this issue.

 

Best regards

 

Alieu

Here are some screenshots of my policy in Intune:
