What you need to know
- Microsoft is giving IT admins the ability to apply layered Group Policy.
- The feature will be in Windows 11.
- It's currently available to some Windows 10 users, though it'll become more widely available in August.
The "apply layered Group Policy" feature has been enabled for IT admins, giving them control over what devices are and aren't installed on their organizations' machines.
This functionality is already live in Windows 10 "as part of the July 2021 optional 'C' client release," though it'll receive wide availability in Windows 10's August Patch Tuesday update. Windows Server will get it later. And, in case you were wondering, yes, the feature will make its way to Windows 11 as well.
In its announcement blog, Microsoft included a brief summary of what layered Group Policy is and how the new feature will make functions easier.
Device installation policies are used to restrict the installation of any device, both internal and external, to all machines across an organization while allowing a small set of pre-authorized devices to be used/installed. Every device has a set of 'device identifiers' that are understood by the system (class, device ID and instance ID). The allow list, which is written by the system admin, contains sets of identifiers that represent different devices – this way a system understands which device is allowed and which is blocked.
By adding the new Group Policy feature to existing policies, IT admins will enjoy hierarchical permission layering for increased device allowance and prevention flexibility, as well as the elimination of the need to understand different device classes to stop USB classes from being installed.
You can read the full breakdown of the new feature's utilities over at Microsoft's blog.
