PENDING intune - allow list usb in a surface reduction policy- allow list not working

[berta87]

Hi all,
we have deployed a new surface attack reduction policy to block all removable media storage.
we have to allow some kind of usb device.
the allowlist is not working, alla device are denied?
any suggestions?

thanks

Davide

 

[MJ-Tech]

If possible can you send the screenshot of the policy profile for investigation?

 

[berta87]

the policy is under attack surface reduction.
we have to block all type of device mass storage and allow few USB pendrives or hdd, or other few devices.
the policy is blocking all type of mass storage device and it's correct
for test we allow only 1 pen drive ( device id, device instance path, setup class) butit seems not working the allowlist.
can u help me?

 

[MJ-Tech]

When I utilise the Allow and Block lists in the same profile, I always have issues with Intune. Sometimes Intune will advise that the only choice to take effect is to Allow or Block.
Have you tried GPO in Intune?