This method uses Microsoft ASR, which seems to be best practice when managing USB devices.
Collecting USB Identifiers
Ensure the USB device is connected to the PC, then open devmgmt.msc.
Find the USB device and open its properties.
Double-click the USB device > click "Details" > copy the identifiers below, which we will paste into the ASR policy later on.
Identifiers:
FriendlyName > FriendlyNameID
Kingston DataTraveler 3.0 USB Device
Device Instance Path > DeviceId
USBSTOR\DISK&VEN_KINGSTON&PROD_DATATRAVELER_3.0&REV_\E0D55EA574B8F4C1190DF461&0
SerialNumberId (this is just the last segment of the DeviceId)
E0D55EA574B8F4C1190DF461&0
HardwareId
USBSTOR\DiskKingstonDataTraveler_3.0____
USBSTOR\DiskKingstonDataTraveler_3.0
USBSTOR\DiskKingston
USBSTOR\KingstonDataTraveler_3.0_
KingstonDataTraveler_3.0_
USBSTOR\GenDisk
GenDisk
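The same identifiers can be read from PowerShell instead of clicking through Device Manager. This is an added example, not part of the original procedure; the function names Get-SerialNumberId and Get-UsbStorageIdentifiers are hypothetical, and it assumes the USB device is plugged in and enumerates under USBSTOR as in the sample above.

```powershell
# Added example: list the identifiers used above for every connected USB storage device.
# Run in PowerShell on the PC with the USB device plugged in.

function Get-SerialNumberId {
    param([Parameter(Mandatory)][string]$InstanceId)
    # As on this page: the SerialNumberId is the last backslash-separated
    # segment of the Device Instance Path.
    return ($InstanceId -split '\\')[-1]
}

function Get-UsbStorageIdentifiers {
    # -PresentOnly skips devices that were seen before but are not connected now.
    Get-PnpDevice -Class DiskDrive -PresentOnly -ErrorAction SilentlyContinue |
        Where-Object { $_.InstanceId -like 'USBSTOR\*' } |
        ForEach-Object {
            # Same list as Details > "Hardware Ids" in devmgmt.msc.
            $hw = (Get-PnpDeviceProperty -InstanceId $_.InstanceId `
                       -KeyName 'DEVPKEY_Device_HardwareIds').Data

            [pscustomobject]@{
                FriendlyNameId = $_.FriendlyName
                DeviceId       = $_.InstanceId
                SerialNumberId = Get-SerialNumberId -InstanceId $_.InstanceId
                HardwareId     = $hw -join [Environment]::NewLine
            }
        }
}

Get-UsbStorageIdentifiers | Format-List
```

If nothing is returned, the device is not currently presenting as a USBSTOR disk; confirm it appears under "Disk drives" in devmgmt.msc first.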
Adding USB into Intune ASR
Now navigate to Endpoint Security > ASR > Reusable settings > Click on "Approved USB".
Then click on "Configuration Settings" > Add "Removable Storage".
Then click on "Configure settings" on the device created.
Now copy the matching identifiers from earlier into the settings. "Name" can be anything; we use it to identify what the USB is for.
Then hit next and save.
Now run a sync on the PC from the Intune portal, and also from the PC itself via Settings > Accounts > Work
After the sync has had a few minutes to complete, try reconnecting the USB and it should start working.