Hi Jon, Endpoint Security ASR does not block hardware devices but can provide some of the capabilities you're looking for. For instance, you can create device groups then apply different ASR rules to each group which allows you to customize the security settings based on the group's needs. The process of adding devices to a group is not entirely automated, you have to manually add devices to a device group. Read more on creating device groups from this documentation and how to use ASR rules from here.
A better way of managing hardware restrictions would be using you can using the Device restriction profiles in Intune. Create a device restriction profile with a list of allowed or blocked hardware devices for a group of users. Learn more on creating device restriction profiles for Windows 10/ Windows 11 devices using Intune from this page.