How would i go about blocking all usb access(usb drives) but still allowing usb phones to be plugged in?
Unfortunately that’s not possible, for now you can either deny or allow all access to usb mass storage device.
More features will be added to usb management in a future ESM release.
Okay this would have to be done on workstation per basis.
How do i go about do this per workstations?
Please create/discover a policy and then modify it.
Apply the policy on other endpoints.
Your 'phones should not be detected as Mass Storage Devices so blocking USB ports should not affect them.
Depends on what kind of phone it is. I’m pretty sure my Windows Phone is a mass storage device; if I plug it in, I can copy stuff to and from it without having to install any special drivers or software first.
If you create a policy with USB disabled and apply it to your endpoint is the 'phone still available for copying data?