Im doing a test for a client with device control 9.0. Everything works well and we are a the stage of plannig de deployment. The client only wants to block external mass storage for a certain group of user and permit it whit another. So we have a basic device rule blocking external storage applied to a assignement group wich contain excluded user.
my understanding is that protection rule is for defining a more precise and granular rules like file type and file extension etc etc. In my case, i dont need all this. it's a simlpe on/off for external device.
Am i doing it the "right" way. ?
Device rules only for devices like USB, CD/DVD, bluetooth etc
Protection rule is for contents like SSN, PII, NPI etc.