diff --git a/.gitignore b/.gitignore
index a441814..97ac74e 100644
--- a/.gitignore
+++ b/.gitignore
@@ -363,3 +363,5 @@ python/dist
 *.egg-info
 metadata.json
 kql
+.DS_Store
+Misc/.DS_Store
diff --git a/macOS/README.md b/macOS/README.md
index 019d950..a1b84e2 100644
--- a/macOS/README.md
+++ b/macOS/README.md
@@ -1,14 +1,14 @@ # Device Control for macOS - Resources for Device Control for macOS. -## Policy - -Information about device control [policies](policy/README.md) including samples and schemas. +## Img +Screenshots and images, that have been added to "README.md" -files. ## Mobileconfig - Examples of the [mobileconfig](mobileconfig/README.md) used to deploy policies on Intune. Learn More -- [Deploy and manage Device Control using Intune](https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/mac-device-control-intune?view=o365-worldwide) \ No newline at end of file +- [Deploy and manage Device Control using Intune](https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/mac-device-control-intune?view=o365-worldwide) + +## Policy +Information about device control [policies](policy/README.md) including samples and schemas.
diff --git a/macOS/img/screenshot-of-device-control-policy-deployment-on-intune.png b/macOS/img/screenshot-of-device-control-policy-deployment-on-intune.png
new file mode 100644
index 0000000..40375fe
Binary files /dev/null and b/macOS/img/screenshot-of-device-control-policy-deployment-on-intune.png differ
diff --git a/macOS/mobileconfig/Microsoft Defender - Device Control - Block All Removable Storage Devices.mobileconfig b/macOS/mobileconfig/Microsoft Defender - Device Control - Block All Removable Storage Devices.mobileconfig
new file mode 100644
index 0000000..6e57ece
--- /dev/null
+++ b/macOS/mobileconfig/Microsoft Defender - Device Control - Block All Removable Storage Devices.mobileconfig
@@ -0,0 +1,132 @@
+
+
+
+
+ PayloadUUID
+ F8E3933F-A0AC-4412-B724-C35A4A624820
+ PayloadType
+ Configuration
+ PayloadOrganization
+ Microsoft Corporation
+ PayloadIdentifier
+ com.microsoft.wdav
+ PayloadDisplayName
+ Microsoft Defender - Device Control: Block All Removable Storage Devices
+ PayloadDescription
+ Blocks all removable storage devices using Device Control from Microsoft Defender
+ PayloadVersion
+ 1
+ PayloadEnabled
+
+ PayloadRemovalDisallowed
+
+ PayloadScope
+ System
+ PayloadContent
+
+
+ PayloadUUID
+ FE0AD77D-5C66-43F9-AFF2-12B18453A81B
+ PayloadType
+ com.microsoft.wdav
+ PayloadOrganization
+ Microsoft Corporation
+ PayloadIdentifier
+ com.microsoft.wdav
+ PayloadDisplayName
+ Microsoft Defender - Device Control: Block All Removable Storage Devices
+ PayloadDescription
+ Blocks all removable storage devices using Device Control from Microsoft Defender
+ PayloadVersion
+ 1
+ PayloadEnabled
+
+ dlp
+
+ features
+
+
+ name
+ DC_in_dlp
+ state
+ enabled
+
+
+
+ deviceControl
+
+ policy
+
+{
+ "groups": [
+ {
+ "$type": "device",
+ "id": "cf4769ca-4553-4771-8cf7-f32063af02ed",
+ "name": "Block All Removable Storage Devices",
+ "query": {
+ "$type": "and",
+ "clauses": [
+ {
+ "$type": "primaryId",
+ "value": "removable_media_devices"
+ }
+ ]
+ }
+ }
+ ],
+ "rules": [
+ {
+ "id": "f34eb107-a01d-46a1-9c9b-3dcb6d3fcd14",
+ "name": "Block All Removable Storage Devices",
+ "includeGroups": [
+ "cf4769ca-4553-4771-8cf7-f32063af02ed"
+ ],
+ "entries": [
+ {
+ "$type": "removableMedia",
+ "id": "773215a8-3409-475d-862a-07f2b7df4042",
+ "enforcement": {
+ "$type": "deny"
+ },
+ "access": [
+ "read",
+ "write",
+ "execute"
+ ]
+ },
+ {
+ "$type": "removableMedia",
+ "id": "d6fdb6d6-b147-4f35-826a-849a2d69326f",
+ "enforcement": {
+ "$type": "auditDeny",
+ "options": [
+ "send_event",
+ "show_notification"
+ ]
+ },
+ "access": [
+ "read",
+ "write",
+ "execute"
+ ]
+ }
+ ]
+ }
+ ],
+ "settings": {
+ "features": {
+ "removableMedia": {
+ "disable": false
+ }
+ },
+ "ux": {
+ "navigationTarget": "https://helpdesk.example.com/"
+ }
+ }
+}
+
+
+
+
+
diff --git a/macOS/mobileconfig/README.md b/macOS/mobileconfig/README.md
index 73c6f38..69a6f3d 100644
--- a/macOS/mobileconfig/README.md
+++ b/macOS/mobileconfig/README.md
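Review bot: Both the profile-level dictionary and the inner payload carry `com.microsoft.wdav` as `PayloadIdentifier`, and on macOS the top-level PayloadIdentifier is the profile's identity, so installing this profile on a device that already has another Defender profile using that same top-level identifier replaces it rather than adding to it, silently dropping whatever that earlier profile configured. Keep `com.microsoft.wdav` on the inner payload but give the outer dictionary a distinct value, e.g. `<string>com.microsoft.wdav.devicecontrol</string>` (constructed example). The JSON policy also appears to be stored as a plist string value, so whoever replaces the placeholder `https://helpdesk.example.com/` in `navigationTarget` needs to XML-escape `&` and `<` in the new URL or the profile will fail to parse. The `deny` entry paired with the `auditDeny` entry carrying `send_event` and `show_notification` is what makes blocked attempts visible to users and in the portal, so both entries should be kept when the rule is adapted.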
@@ -1,5 +1,26 @@
 # Device Control for macOS Deployment
+In this page, we have gathered some example device control policies for macOS.
+
+## Microsoft Defender - Device Control - Block All Removable Storage Devices.mobileconfig
+
+Ready-to-deploy example mobileconfig file to block all removable storage devices using Device Control on Microsoft Defender. This policy is following version 2 schema. This policy also enables Data Loss Prevention (DLP), that is required to device control to operate.
+
+### Before deploying this policy, please do following ones
+1. Remove placeholder URL from line 123 and add appropriate URL instead. Good example is address to your local IT Helpdesk website from your company, where employees can contact if they need more information of applied restriction.
+2. Make sure, that Microsoft Defender have full disk access. [More information can be found here how that can be done](https://learn.microsoft.com/en-us/defender-endpoint/mac-device-control-overview).
+
+> [!IMPORTANT]
+> If you have already deployed all needed policies (as ".mobileconfig" file format) to Microsoft Defender, like full disk access, via MDM, please make sure, that you have up-to-date mobileconfig policy files applied so Device Control feature will work appropriately.
+>
+>For example, easiest way to do the update mobileconfig policy file of full disk access is to upload available mobileconfig policy file to existing policy, that will replace older mobileconfig policy file with newer one.
+>
+> Check latest mobileconfig policy files [here](https://learn.microsoft.com/en-us/defender-endpoint/mac-install-with-intune).
+
+### Screenshot exapmple of the deployment via Intune
+
+![Screenshot example](../img/screenshot-of-device-control-policy-deployment-on-intune.png)
+
 ## demo.mobileconfig
 An example mobileconfig file demonstrating how to deploy a DC policy.
@@ -39,4 +60,4 @@ The v2 Device Control policy is now set via the `deviceControl/policy` key. The
 ## schema.json
-The [mdatp-xplat](https://github.com/microsoft/mdatp-xplat) repo's [schema.json](https://github.com/microsoft/mdatp-xplat/blob/master/macos/schema/schema.json) has been updated to expose both the `deviceControl/policy` and `dlp/features` configurations.
\ No newline at end of file
+The [mdatp-xplat](https://github.com/microsoft/mdatp-xplat) repo's [schema.json](https://github.com/microsoft/mdatp-xplat/blob/master/macos/schema/schema.json) has been updated to expose both the `deviceControl/policy` and `dlp/features` configurations.