Which feature manages and restricts device access?

Managing and restricting device access is about controlling which external devices can connect to endpoints and what they’re allowed to do. The feature that handles this is Device Control. It lets you create policies that specify which devices are permitted, which are blocked, and what actions (read, write, execute, etc.) are allowed. This is essential for preventing data leakage and malware spread from removable media or connected devices, and it can enforce controls such as blocking USB storage or allowing only approved devices. The other options don’t fit this purpose. Network Scan focuses on identifying devices or vulnerabilities on the network, not on controlling hardware connections. Firewall Protection manages network traffic between networks, not device connections. Scanning Compressed Files looks inside archives for threats, which is a content-safety measure rather than controlling what devices can connect to a system.