Settings
The Settings section allows you to configure global policy behavior, enable or disable device control features, and set user experience options.
Settings are divided into three categories:
- Feature Settings - Enable or disable device control for specific device types
- Global Settings - Configure default enforcement behavior
- UX Settings - Configure user notification behavior
- Select Settings in the sidebar
- Click on Settings in the list view
- Configure options in the detail view
Feature settings control whether device control is active for each device type.
| Feature | Description |
|---|---|
| Apple Device | iOS devices, iPods, iPads connected via USB |
| Removable Media | USB flash drives, external hard drives, SD cards |
| Bluetooth Device | Bluetooth file transfer and peripherals |
| Portable Device | MTP/PTP devices, digital cameras |
| Generic Device | Generic device control across types |
Each feature can be set to one of three states:
| State | Description |
|---|---|
| Default | Uses the default (disabled) |
| Enabled | Device control is active for this device type |
| Disabled | Device control is inactive for this device type |
Important: If a feature is disabled, rules targeting that device type will have no effect.
For most deployments:
- Enable Removable Media for USB drive control
- Enable Apple Device if managing iOS device access
- Leave Bluetooth Device and Portable Device at default unless specifically needed
Global settings affect the overall policy behavior.
Specifies what happens when a device access doesn't match any rule:
| Value | Description |
|---|---|
| Allow | Access is permitted if no rule matches |
| Deny | Access is blocked if no rule matches |
Allow (Recommended for most cases)
- Permissive approach - only explicitly denied access is blocked
- Users can use devices not covered by rules
- Easier to deploy incrementally
- Good for: Organizations starting with device control
Deny
- Restrictive approach - only explicitly allowed access is permitted
- Blocks any device access not covered by a rule
- Requires comprehensive rules for all allowed devices
- Good for: High-security environments
UX (User Experience) settings control how notifications appear to users.
A URL that users are directed to when they click on a device control notification. This is useful for:
- Linking to your organization's device policy page
- Providing instructions for requesting exceptions
- Directing users to IT support resources
Examples:
https://intranet.company.com/device-policyhttps://support.company.com/usb-requesthttps://company.sharepoint.com/IT/DevicePolicy
Note: Leave blank if you don't want notifications to be clickable.
Understanding how settings interact with rules:
Device Access Request
│
▼
┌───────────────────┐
│ Feature Enabled? │──No──► Access Allowed (no control)
└───────────────────┘
│ Yes
▼
┌───────────────────┐
│ Rule Matches? │──No──► Default Enforcement Applied
└───────────────────┘
│ Yes
▼
┌───────────────────┐
│ Entry Matches? │──No──► Next Entry / Next Rule
└───────────────────┘
│ Yes
▼
Entry Enforcement
Applied
Monitor device usage without blocking:
- Enable desired features
- Set Default Enforcement to Allow
- Create rules with Audit Allow enforcement
Block all devices except explicitly allowed ones:
- Enable desired features
- Set Default Enforcement to Deny
- Create rules to Allow specific approved devices
Start with monitoring, then add blocking:
Phase 1: Audit
- Enable features
- Set Default Enforcement to Allow
- Create rules with Audit Allow and Audit Deny
- Review logs to understand device usage
Phase 2: Block
- Update rules to use Deny enforcement
- Add Show Notification option for user awareness
- Set Navigation Target to exception request page
- Always enable the feature before creating rules for that device type
- Start with Allow default enforcement and audit rules
- Set a helpful Navigation Target for user self-service
- Test settings in a pilot group before broad deployment
- JSON Preview and Validation - Verify your complete policy
- Working with Rules - Create rules for enabled features