We had a similar constallation. We migrated from 8.7 to 9.0. As far as I know there is no easy way to migrate your Device Control settings to the new Version.
The functions in blocking Devices is given in 9.x as it is in 8.x though it improved in my opinion. You have a much better overview which devices are allowed and which are blocked. Also I think the way the Device Control works changed. In version 8.x the drivers were sort of kicked out when a device was detected which was not allowed, now there is much more of a service controlling the access (I don't know how this works exactly).
The new version provides you with the benefit, that all blocked devices are shown in the Management Suite in realtime. So if anyone plugs in a blocked device, you can see it in the security activity and also add exceptions for the blocked devices.
As I remember this wasn't so easy with 8.x, here you had to distribute a configuration to all clients right? Now the clients get their configuration through the Sec&Patchs scan.
We had to create a completely new configuration with adding all the exceptions we had in the prior version. This was a bit of work because we also block drives and cardreaders by default. So we had to wait for the people to call when a device was blocked which was accessible in the past.