Device Rule preference / aggregation


I was wondering if someone could clarify how conflicting device rules are applied. I'm tasked with cleaning up some rules and wanted to check before I change anything.

We currently have a rule that essentially blocks all USB Removable Storage devices for the group Domain Users. There is also another rule that allows specific 'Allowed' USB devices, which is applied to the more specific group of XXXXX Users.

My question is, would the 'Allowed' device work for the XXXXX Users, given that they would also fall under the 'Block All' for Domain Users rule?

Hopefully this makes sense, thanks in advance for your help.

I came here today specifically looking for an answer to this exact same question. I know it's been a couple weeks but did you ever find an answer? My goal is to allow these devices to only certain people so I'd love to do it like a top-down ACL or something similar but not sure how this is handled.


Rule 1: Block All but Allowed Removable Storage Devices. Apply this to All users.

Rule 2: Block Allowed Removable Storage Devices for All but XXXXX users.

Rule 3: Monitor Allowed Removable Storage Devices for XXXXX Users.

When there is a conflict, DLPe enforces the most restrictive reaction.
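A small model of the "most restrictive reaction wins" behaviour described in the answer above, added here as an illustration and not DLPe's own code or configuration format. The `Rule` fields, the `Reaction` ordering (Block above Monitor) and the `NONE` stand-in for an 'allow' rule are assumptions of this model; it evaluates both the two-rule setup from the question and the three rules from the answer.

```python
from dataclasses import dataclass
from enum import IntEnum
from typing import Optional

class Reaction(IntEnum):
    # Assumed ordering for this model: a higher value is more restrictive.
    NONE = 0      # stand-in for "no blocking reaction" (an 'allow' rule)
    MONITOR = 1
    BLOCK = 2

@dataclass(frozen=True)
class Rule:
    name: str
    reaction: Reaction
    devices: str = "any"                # "any", "allowed" or "not_allowed"
    group: Optional[str] = None         # None applies the rule to all users
    except_group: Optional[str] = None  # members of this group are excluded

    def matches(self, device_allowed: bool, user_groups: set) -> bool:
        if self.devices == "allowed" and not device_allowed:
            return False
        if self.devices == "not_allowed" and device_allowed:
            return False
        if self.group is not None and self.group not in user_groups:
            return False
        return self.except_group not in user_groups

def resolve(rules, device_allowed, user_groups):
    """Return the most restrictive reaction among all matching rules."""
    hits = [r.reaction for r in rules if r.matches(device_allowed, user_groups)]
    return max(hits, default=Reaction.NONE)

# The two rules from the question (constructed model of that setup).
QUESTION_RULES = [
    Rule("Block all removable storage", Reaction.BLOCK, group="Domain Users"),
    Rule("Allow 'Allowed' devices", Reaction.NONE, "allowed", group="XXXXX Users"),
]
# The three rules from the answer.
ANSWER_RULES = [
    Rule("Rule 1", Reaction.BLOCK, "not_allowed"),
    Rule("Rule 2", Reaction.BLOCK, "allowed", except_group="XXXXX Users"),
    Rule("Rule 3", Reaction.MONITOR, "allowed", group="XXXXX Users"),
]

if __name__ == "__main__":
    special, ordinary = {"Domain Users", "XXXXX Users"}, {"Domain Users"}
    for label, rules in (("question", QUESTION_RULES), ("answer", ANSWER_RULES)):
        for who, groups in (("XXXXX user", special), ("other user", ordinary)):
            for ok in (True, False):
                print(label, who, "allowed" if ok else "other", resolve(rules, ok, groups).name)
```

In this model the question's setup still blocks an 'Allowed' device for an XXXXX user, because that user also matches the Domain Users block rule; the answer's three rules avoid the overlap by excluding the device or the group in each block rule.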

