From b4f98ff1603708cbfe58484876ef5d129c242be4 Mon Sep 17 00:00:00 2001 From: Benjamin Ironside Goldstein Date: Tue, 28 Oct 2025 17:39:38 -0700 Subject: [PATCH] Device control updates --- .../configure-an-integration-policy-for-elastic-defend.md | 5 ++++- solutions/security/manage-elastic-defend/trusted-devices.md | 5 +++++ 2 files changed, 9 insertions(+), 1 deletion(-) diff --git a/solutions/security/configure-elastic-defend/configure-an-integration-policy-for-elastic-defend.md b/solutions/security/configure-elastic-defend/configure-an-integration-policy-for-elastic-defend.md index 723319914d..973810281d 100644 --- a/solutions/security/configure-elastic-defend/configure-an-integration-policy-for-elastic-defend.md +++ b/solutions/security/configure-elastic-defend/configure-an-integration-policy-for-elastic-defend.md @@ -238,8 +238,11 @@ stack: ga 9.2 serverless: ga ``` +Device control helps protect your Linux and Mac endpoints from data loss, malware, and unauthorized access by managing which devices can connect to your computers. Specifically, it restricts which external USB storage devices can connect to hosts that have {{elastic-defend}} installed. -Device control helps protect your organization from data loss, malware, and unauthorized access by managing which devices can connect to your computers. Specifically, it restricts which external USB storage devices can connect to hosts that have {{elastic-defend}} installed. +::::{important} +Device control only affects external USB storage devices. It does not affect other peripherals such as Yubikeys, webcams, or keyboards. +:::: To configure device control for one or more hosts, edit the {{elastic-defend}} policy that affects those hosts. Your policy specifies which operations these devices are allowed to take on a host. You can create [trusted devices](/solutions/security/manage-elastic-defend/trusted-devices.md) to define exceptions to your policy for specific devices. diff --git a/solutions/security/manage-elastic-defend/trusted-devices.md b/solutions/security/manage-elastic-defend/trusted-devices.md index 671259f635..f6d7b86719 100644 --- a/solutions/security/manage-elastic-defend/trusted-devices.md +++ b/solutions/security/manage-elastic-defend/trusted-devices.md @@ -12,6 +12,11 @@ products: By default, {{elastic-defend}} policies have [device control](/solutions/security/configure-elastic-defend/configure-an-integration-policy-for-elastic-defend.md#device-control) enabled, with access level set to block all operations. This prevents external storage devices from connecting to protected hosts. +::::{important} +- Device control only affects external USB storage devices. It does not affect other peripherals such as Yubikeys, webcams, or keyboards. +- Device control only supports Windows and Mac endpoints. +:::: + Trusted devices are specific external devices that are allowed to connect to your protected hosts regardless of device control settings. Create trusted devices to avoid interfering with expected workflows that involve known hardware. By default, a trusted device is recognized globally across all hosts running {{elastic-defend}}. You can also assign a trusted device to a specific {{elastic-defend}} integration policy, enabling the device to be trusted by only the hosts assigned to that policy.