Hey everyone,
I have a sort of peculiar issue. I have a device policy that prevents users from plugging their phones into their computers. The security concern is that if a user can plug the phone into the computer, the computer may mount the device as a data store and facilitate data leaks. Most users use the USB ports to charge their mobile devices. I am vaguely OK with this and for about 90% of all phones this is attainable. Some phones, however, are not able to charge without mounting a data store. I have found that some Motorola phones and every iPhone work like this. If it's not allowed to mount as a data store, it cannot charge from the computer.
Management is now demanding that I create a policy that allows iPhones to charge, but prevents them from mounting as a data store. I haven't been successful in figuring out how to do this. As far as I can tell, there is only one device ID that gets initialized when plugging in an iPhone (observed through the Devviewer executable). Has anyone had a similar experience? Was anyone able to overcome this issue?
Thanks in advance!