Business case: The following policies must apply to all users and systems of the organization.
DLP removable media control:
Authorized managed USB key: read/write is permitted
Unmanaged USB key: read is permitted
Authorized managed USB key must enforce encryption with offsite access
Unmanaged USB key is read-only without any encryption prompt
The policy needs to apply to everyone, and from what I know about DLP this is easily done by allowing read/write to a specific device and then read-only to everything else; however, this needs to be chained to FRP. The FRP policy needs to encrypt the managed devices but must not pop up anything for any other device that is plugged in. This is where I’m having trouble, because I can’t see any way of chaining this together other than putting in a bunch of exceptions, which would be unmanageable.