What a nice security improvement, many thanks for developing this! It should be default in all operating systems to only accept known USB devices and in the case of new USB devices prompt the user with a clear warning message.
It is a tricky area to add layers of security to. In theory, you would want a device to refuse any connections unless it is explicitly agreed upon. At the same time, you average user will start calling Tech support everytime they hit the road block of "not being able to use the USB". In orgs with sensitive info, it should be mandatory, but others may be better off without it.
What if current input or output devices are broken so you can not prompt the user on them? What if they are broken in a such way that operation system does not know that they are broken, and you can not physically detach them because they are integrated? What if your user can not use their old output or input devices because they lost (some of) their sense(s) or limb(s)?