Skip to content

Commit 94e9374

Browse files
paulinbarpaulinbar
authored
Merge pull request #5079 from dkouzmanovMSFT/docs-editor/device-control-policies-1758123384
Add clarity around permissions
2 parents 96ef6ae + 02d41b7 commit 94e9374

File tree

1 file changed

+4
-4
lines changed

1 file changed

+4
-4
lines changed

defender-endpoint/device-control-policies.md

Lines changed: 4 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -1,10 +1,10 @@
11
---
22
title: Device control policies in Microsoft Defender for Endpoint
33
description: Learn about Device control policies in Defender for Endpoint
4-
author: batamig
5-
ms.author: bagol
4+
author: paulinbar
5+
ms.author: painbar
66
manager: bagol
7-
ms.date: 02/05/2025
7+
ms.date: 10/23/2025
88
ms.topic: overview
99
ms.service: defender-endpoint
1010
ms.subservice: asr
@@ -187,7 +187,7 @@ Device control policies define access (called an entry) for a set of devices. En
187187

188188
| Entry setting | Options |
189189
|---|---|
190-
| AccessMask | Applies the action only if the access operations match the access mask - The access mask is the bit-wise OR of the access values:<br><br> 1 - Device Read<br>2 - Device Write<br>4 - Device Execute<br>8 - File Read<br>16 - File Write<br>32 - File Execute<br>64 - Print<br><br>For example:<br>Device Read, Write, and Execute = 7 (1+2+4)<br>Device Read, Disk Read = 9 (1+8)<br>|
190+
| AccessMask | Applies the action only if the access operations match the access mask - The access mask is the bit-wise OR of the access values:<br><br>1 - Device Read - Allows inspection of device-level metadata and mounting. Allows ability to view files.<br>2 - Device Write - Grants ability to format or reconfigure the device.<br>4 - Device Execute - Allows renaming the USB in Explorer (a form of execution at the system level).<br>8 - File Read - Enables viewing and browsing of stored content on the external device.<br>16 - File Write - Permits editing, copying, or deleting files and folders on the external device.<br>32 - File Execute - Enables launching of executable content from the external device.<br>64 - Print<br><br>For example:<br>Device Read, Write, and Execute = 7 (1+2+4)<br>Device Read, Disk Read = 9 (1+8)<br>|
191191
| Action | Allow <br/> Deny <br/> AuditAllow <br/> AuditDeny |
192192
| Notification | None (default) <br/> An event is generated <br/> The user receives notification <br/> |
193193

0 commit comments

Comments
 (0)