I would like to use hardware security keys in an environment where it is additionally needed to lock down any ways in which a user could download data to a device like a usb key. Is it possible to lock down a usb slot in a way, that file transfer is not possible but hardware security keys still work?
In my case the scenario would include Windows 10 Pro as an OS and preferably a fido2 capable key.