Hi! There's a thing called DMA attack available on Windows OS. We can protect it by using Group Policies and preventing certain types of devices of installing or accessing Firewire/Thunderbolt-ports. Here are 2 links about this case:
From the latter link the first sentence however states that:
"For Windows version 1803 and later versions, if your platform supports the new Kernel DMA Protection feature, we recommend that you leverage that feature to mitigate Thunderbolt DMA attacks. "
The info about OS supporting Kernel DMA protection can be found as easily as running System Information and on the System Summary page there's a flag for Kernel DMA Protection (On | Off)
This would help to see the status of the DMA Protection and could help to either evaluate the need of Group Policy or make a decission if a device can be excluded from the the Group Policy made for restricting DMA.