PnpDeviceBlocked for onboarded devices
Hello All,
We have an Entra hybrid setup with devices onboarded as hybrid joined. Using SCCM, we’ve configured Co-management with a pilot group synced to Intune, shifting the Endpoint Protection workload to Intune.
We’ve set up the Intune-MDE connector and created an EDR policy to onboard devices to MDE. Everything works fine with onboarding and policy application based on Intune/MDE status.
However, onboarded devices are unable to install drivers for new hardware like USB keyboards, mouse, and other PnP devices.
The error matches this article:
https://learn.microsoft.com/en-us/defender-endpoint/device-control-overview
We’ve removed all Device Control policy settings that could block USB driver installation, but the issue persists. A hunting query shows:
ActionType: PnpDeviceBlocked
DeviceInstanceId: USBVID_17EF&PID_608D5&228c54a3&0&4
DriverName: input.inf
We’re unsure which policy or setting is causing this. Could an ASR policy be the culprit? If so, could someone provide a hunting script to identify the blocking policy/setting?
Thanks,
Hello All,We have an Entra hybrid setup with devices onboarded as hybrid joined. Using SCCM, we’ve configured Co-management with a pilot group synced to Intune, shifting the Endpoint Protection workload to Intune.We’ve set up the Intune-MDE connector and created an EDR policy to onboard devices to MDE. Everything works fine with onboarding and policy application based on Intune/MDE status.However, onboarded devices are unable to install drivers for new hardware like USB keyboards, mouse, and other PnP devices.The error matches this article:https://learn.microsoft.com/en-us/defender-endpoint/device-control-overviewWe’ve removed all Device Control policy settings that could block USB driver installation, but the issue persists. A hunting query shows:ActionType: PnpDeviceBlockedDeviceInstanceId: USBVID_17EF&PID_608D5&228c54a3&0&4DriverName: input.infWe’re unsure which policy or setting is causing this. Could an ASR policy be the culprit? If so, could someone provide a hunting script to identify the blocking policy/setting?Thanks, Read More