Hi there,
1. Enter in SEPM Console -> Policies Tab -> Application and Device Control
(next you re creating Device Name in Policy Components -> Hardware Devices. with identification USBSTOR*)
2. Add Policy -> Application Control -> Block Writing to USB Drives
3. on Device Control -> in Blocked Devices click Add -> select USB class -> OK
4. on Devices Excluded from Blocking -> click Add -> choose Human Interface Devices -> OK
5. and finnaly apply this policy to Groups
hope it will help you