We need to block Logitech Unifying dongles now that it's public knowledge you can both sniff\decrypt keystrokes, and also inject keystrokes.
Is there an easy way to block these common dongles with GPO or InTune?
All I have so far is a PowerShell script to disable devices but this would have to be run after the device is plugged in, which is reactive and not preventative.
# Disable Unifying receivers
Get-PnpDevice -FriendlyName "Logitech*" -Class 'Mouse' | Disable-PnpDevice -confirm:$false
The hardware ID for Unifying Receiver I am seeing is
USB\VID_046D&PID_C52B. This can be used as "Hardware ID" and device GUID. They both appear to refer to the same string.Following the Microsoft guidance on GPO
We can block devices by Hardware Ids.
Under
Computer Configuration > Policies > Administrative Templates > System > Device Installationthe policy to blacklist isPrevent installation of devices that match these device IDsFollowing the Microsoft guidance on InTune
We can block devices by class GUID of the device classes.
Under
Templates > Administrative Templatesthe policy to blacklist isPrevent installation of devices that match any of these device IDs// TODO: I need to update this policy to include all affected devices listed on MouseJack. If I don't update this answer with all the hardware IDs, please feel free to add ones for me in either a comment or an edit.