Device Control

In any enterprise environment, the unauthorized use of peripheral devices poses a significant security risk. Unauthorized USB drives, external hard disks, and portable devices can lead to data leaks, malware intrusions, and compliance violations.

ManageEngine Endpoint Central addresses this challenge through its Device Control module, which offers a centralized solution to monitor, manage, and restrict peripheral device usage across all organizational endpoints.

IT administrators can define and enforce granular access policies that govern how, when, and by whom devices can be used. This ensures sensitive data remains protected, and security is maintained without compromising operational efficiency.

With complete visibility into connected devices, Endpoint Central enables access control based on device type and target computers, with the option to exclude specific users from applied policies. This helps organizations prevent unauthorized data transfers and reduce the endpoint attack surface.

What does Endpoint Central’s Device Control offer?

  • Device-type Level Control: Allow or block entire categories of devices such as Removable Storage Devices, Windows Portable Devices, Apple Devices, CD Drives, Printers, Bluetooth Adapters, and more.
  • Granular Access Permissions: Define precise access rights—such as read-only, write, or full access—based on device type, individual device, or computer groups.
  • Trusted Devices Management: Mark specific devices as trusted, allowing them to bypass general restrictions. Trusted devices are identified using unique parameters like vendor ID, product ID, or serial number, ensuring only verified hardware can connect to endpoints.
  • Temporary Access: Grant time-bound access to restricted devices for specific users or systems when necessary, with automated revocation once the access period expires.
  • Device Auditing: Monitor and log all connected peripheral devices, including when and where they were connected, by whom, and on which endpoint. This provides visibility into device usage patterns, helps detect unauthorized device activity, and supports forensic investigations and compliance reporting.
  • File Shadow: Maintain a backup copy of every file transferred to a removable device. Shadow copies are stored securely and can be used for compliance verification, forensic analysis, or internal investigations.
  • Policy-based Control: Define rules and automate enforcement across computer groups.
  • Exclude User Groups: When deploying device control policies to a group of computers, specific user groups can be excluded from those policies. This allows IT teams to enforce strict controls on a wide scale while providing exceptions for developers, IT admins, or other trusted roles without compromising overall security posture.
  • Centralized Reporting: Generate detailed reports for audits and compliance tracking.
  • Email Alerts: Instantly notify IT administrators when unauthorized or blocked devices are connected to any endpoint. Alerts help teams respond to potential threats in real time and reduce the time to resolution.