USB Device Control in M365 for CUI Workstations
Defense contractors can use Microsoft Defender for Endpoint device control, Intune, BitLocker, and Endpoint DLP to run allow-by-exception USB policies on CUI workstations, protect CUI on removable media with FIPS-validated encryption, and produce evidence aligned to NIST 800-171 and CMMC assessment expectations.