Use case: Block and charge an iPhone with a plug-and-play device rule

Apple iPhones can be blocked from use as storage devices while being charged from the computer.

This use case creates a rule that blocks a user from using the iPhone as a mass storage device. A plug-and-play device protection rule is used because it allows iPhones to charge no matter how the rule is specified. This feature is not supported for other smartphones, or other Apple mobile devices. It does not prevent an iPhone from charging from the computer.

To define a plug-and-play device rule for specific devices, you create a device definition with the vendor and product ID codes (VID/PID). You can find this information from the Windows Device Manager when the device is plugged in. Because this example only requires a VID, you can use the built-in device definition All Apple devices rather than looking up the information.


  1. In McAfee ePO, select MenuData ProtectionDLP Policy Manager.
  2. On the Rule Sets tab, select a rule set (or create one). Click the Device Control tab, and create a plug-and-play device rule. Use the built-in device definition All Apple devices as the included (is one of (OR)) definition.
  3. On the Reaction tab, set the Action to Block.
  4. Click Save, then click Close.