Microsoft has added support for layered Group Policies, which allow IT admins to control what internal or external devices users can be installed on corporate endpoints across their organization’s network. Devices that can be blocked or allowed to install on endpoints include printers, USB storage drives, and other USB peripherals added to a given organization’s prohibited or approved list of devices. The new apply layered Group Policy feature provides more granular control over what devices are blocked from installation using device identifiers such as instance IDs, hardware IDs, setup class, and removable device property.
Source: https://www.bleepingcomputer.com/news/microsoft/windows-admins-now-can-block-external-devices-via-layered-group-policy/