Change the way you manage/control peripherals - allow/block
Peripheral management/control seems backward - an administrator should be able to globally allow devices and then have the ability to block unauthorized devices via the exemptions option. Currently you have to block devices globally and then add exemptions for allowable devices. When you have hundreds or more of devices that need to be approved, it is neither efficient or practical.
Our customers have a similar issue - they want to enable ALL webcams apart from one or two and this currently requires unblock by loads of different models & can't just allow MTP/PTP devices as that is too general.