Total blockage of all endpoint devices may be the choice of security, however, there may be times when specific users may need access to some devices.   For example the IT team would need CD/DVD access to install software, the marketing department may need USB flash access to store presentations etc. 

 Through the Allowed List feature, permission policies of authorized devices can be assigned to specific users.  Depending on the device type, permissions of read, write or no access can be assigned to the users.   This minimizes leakage of sensitive data or infection of systems through unapproved or personal employee devices. 

 Devices that are added to the Allowed List can allow users access to only company authorized devices.  Users would have read/write privileges to those devices listed under the Allowed List.