Group Policy deny unauthorised devices notification

Jason 0 Reputation points
2025-12-05T21:02:30.6133333+00:00

I have followed the guide to set up device installation restrictions and it is working great. The only item I can't seem to figure out is how to display a custom message when installation is prevented by Group Policy. I see older versions of Windows would show a message in the notifications that the item is blocked; however, I haven't been able to do this in Windows 11 Pro. I have found, while in Device Manager, the text showing the reason it isn't installing; however, I am hoping for something the users will see so I don't get a lot of calls.

Thank you


1 answer

  1. Jason Nguyen Tran 4,175 Reputation points Independent Advisor
    2025-12-05T23:24:24.42+00:00

    Hi Jason,

    We have the same name 😊

    The behavior you’re noticing is by design in Windows 11 22H2 and newer: the old toast notification with a custom message was removed for security and consistency reasons, so blocked devices now only show the reason quietly in Device Manager (“This device is blocked by system policy”) without alerting the user.

    There is, however, a fully supported way to show a friendly pop-up message that your users will definitely see:

    1. Create a simple PowerShell script (e.g., Show-DeviceBlockMessage.ps1) with this one-liner: Add-Type -AssemblyName System.Windows.Forms; [System.Windows.Forms.MessageBox]::Show("Your IT department has blocked this device for security reasons. Please contact the helpdesk if you need it approved.", "Device Blocked", "OK", "Information")
    2. Deploy the script via Intune (Proactive Remediations or as a Win32 app) with a detection rule that checks the specific hardware IDs you’re blocking (pull them from the Device Manager event logs – Event ID 702 under Microsoft-Windows-DeviceSetupManager/Admin).
    3. Set the remediation to run as the logged-on user when the detection triggers – users get a clear, branded message instantly and no longer call you.

    I hope this helps clarify the situation.

    If you find this answer useful, please hit “Accept Answer” so I know it resolved your concern 😊.

    Jason.

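The answer above describes the detection half of the procedure (step 2) only in prose. The following is an added example of such a detection script, written for this page and not code from the answerer or from Microsoft; it assumes, as the answer states, that blocked installations are logged as Event ID 702 in Microsoft-Windows-DeviceSetupManager/Admin and that the event message text contains the hardware ID of the blocked device. The hardware IDs in the list are constructed placeholders, and the exit-code convention follows Intune Proactive Remediations, where a detection script exits 1 to trigger the remediation script and 0 when nothing needs to be done.

```powershell
<#
  Detect-DeviceBlockEvent.ps1  (added example, not from the original answer)

  Intune Proactive Remediations detection script:
    exit 1  -> blocked-device event found, run the remediation (the MessageBox one-liner)
    exit 0  -> nothing found, do nothing

  Assumptions (replace with values from your own environment):
    - Event ID 702 in Microsoft-Windows-DeviceSetupManager/Admin is written when
      Group Policy blocks an installation (taken from the answer above).
    - The event's message text contains the blocked device's hardware ID.
#>

# Constructed placeholder IDs. Use the same hardware/compatible IDs that are in
# your "Prevent installation of devices that match any of these device IDs" policy.
$BlockedHardwareIds = @(
    'USB\VID_0000&PID_0000',   # placeholder vendor/product ID
    'USB\Class_08'             # placeholder: USB mass storage class
)

# Only look at recent events so a stale block from yesterday does not re-trigger
# the pop-up every time the detection schedule fires.
$LookbackMinutes = 15

$filter = @{
    LogName   = 'Microsoft-Windows-DeviceSetupManager/Admin'
    Id        = 702
    StartTime = (Get-Date).AddMinutes(-$LookbackMinutes)
}

try {
    # Get-WinEvent raises an error when no event matches; -ErrorAction Stop
    # turns that into a terminating error we can catch and treat as "compliant".
    $events = Get-WinEvent -FilterHashtable $filter -ErrorAction Stop
}
catch {
    Write-Output "No blocked-device events in the last $LookbackMinutes minutes."
    exit 0
}

# Match each event against the policy's ID list. The -like comparison is
# case-insensitive, which matches how Windows treats hardware IDs.
$hits = foreach ($evt in $events) {
    foreach ($id in $BlockedHardwareIds) {
        if ($evt.Message -like "*$id*") {
            [pscustomobject]@{ Time = $evt.TimeCreated; HardwareId = $id }
            break
        }
    }
}

if ($hits) {
    # Output is captured by Intune and shown in the remediation report.
    foreach ($hit in $hits) {
        Write-Output ("Blocked device detected at {0}: {1}" -f $hit.Time, $hit.HardwareId)
    }
    exit 1
}

Write-Output "No blocked devices matching policy in the last $LookbackMinutes minutes."
exit 0
```

Pair this detection script with a remediation script containing the MessageBox one-liner from step 1, and set "Run this script using the logged-on credentials" to Yes in the Proactive Remediations package so the message box is created in the user's interactive session rather than under SYSTEM, where it would never be displayed. Before rolling out, plug a known-blocked device into a test machine and confirm in Event Viewer that the event actually appears in the log and with the ID named above; if your build writes it elsewhere, adjust the `$filter` hashtable accordingly.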
