Skip to content

Peripheral Control

Set device policies once and watch every peripheral connection across your fleet.

USB Bluetooth Thunderbolt Exception Rules Activity Log Alerts
4
Device classes
4
Policy actions
90 days
Query window
Org to device
Policy scope

Peripheral Control lets you define organization-wide policies for USB, Bluetooth, and Thunderbolt peripherals. Policies set whether device classes are allowed, blocked, mounted read-only, or flagged for alerting, while the Breeze agent evaluates them locally, logs every connect and disconnect, and reports activity back for centralized visibility and auditing.

Policy-Based Control

Each policy targets a device class (USB storage, all USB, Bluetooth, or Thunderbolt) and applies one of four actions: allow, block, read-only, or alert. The first policy whose device class matches a detected peripheral wins, so you can layer broad and specific rules without conflicts.

Hierarchical Scope

Policies are scoped through the multi-tenant hierarchy. Target an entire organization, individual sites, device groups, or specific devices, and Breeze distributes each new or updated policy to agents through its job pipeline so they enforce on the next sync.

Exception Rules

Exception rules let approved peripherals bypass a policy’s default action. Each rule matches on vendor, product, or serial number and can carry a reason and expiration date, useful for permitting an encrypted field-tech drive while blocking everything else. Rules are checked before the policy action is applied.

Activity Logging

The Breeze agent logs every peripheral event (connected, disconnected, blocked, mounted read-only, and policy override) with full metadata including vendor, product, and serial number. Query the activity log by organization, device, policy, event type, or peripheral across a window of up to 90 days for auditing and compliance.

Real-Time Alerts

When an agent reports a blocked peripheral, Breeze publishes a high-priority event through the event bus for real-time alerting, so unexpected device connections surface immediately rather than sitting in a report. Alert-action policies let a peripheral connect normally while still generating an event for review.

Cross-Platform Detection

The agent detects peripherals using platform-native APIs: Windows Device Manager and the Bluetooth stack, macOS IOKit and IOBluetooth, and sysfs/udev on Linux. Each peripheral is identified by vendor, product, serial number, and device class, then evaluated against locally cached policies in real time.

Deploy for Free Start Cloud Beta ← All Features

Ready to see Peripheral Control in action?

Book a 20-minute demo to see how Peripheral Control works in your environment, or compare plans and self-host today.

Book a Demo(opens in new tab) See Pricing Or self-host free →(opens in new tab)

Ready to try Breeze?

Self-host the open-source agent or join the managed cloud beta. No credit card required.

Start Cloud Beta Deploy for Free(opens in new tab)

Related features

All features →

Device Management

Know what is running, what is drifting, and what needs action.

Remote Access

Connect to endpoints securely from a single web interface.

First in RMM

AI Assistant

AI that can act safely across your fleet.

Patch Management

Run patching as a controlled lifecycle, not a one-off task.

Coming from another RMM? See how Breeze compares on price, features, and openness.

Compare Breeze
Book a Demo(opens in new tab) See Pricing