Question
Thursday, January 18, 2018 11:05 PM
Hi All,
I am fairly new to Intune and wanted to know if there is an Intune configuration policy that disables USB drives that do not use BitLocker encryption. All client computers use Windows 10 Pro.
I hope you can help.
Colin
All replies (5)
Friday, January 19, 2018 1:29 AM
I don't think there is that specific setting; however, the other BitLocker settings require the Enterprise version. For a list of settings see https://docs.microsoft.com/en-us/intune/endpoint-protection-windows-10
Friday, January 19, 2018 7:39 AM | 1 vote
Hello,
Intune enables you to deny write access to removable drives not protected by BitLocker. The drive will be mounted as read-only. However, this setting is NOT available to Windows 10 Pro.
You can configure this option at location Device configuration -> Profiles -> Endpoint Protection -> Windows Encryption.
As another method, you can also use a CSP policy.
Best regards,
Andy Liu
Friday, January 19, 2018 8:23 AM | 1 vote
The setting that Andy mentions IS available in Pro using standard GPOs.
Conclusion: you cannot disable unencrypted devices, but you can make them read-only.
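One way to confirm on a client that the read-only behaviour described in the replies above is actually in effect, as an added example that is not part of any poster's reply. It assumes an elevated PowerShell session and that the policy is stored in the registry value the Group Policy setting uses (`RDVDenyWriteAccess`); whether an Intune or CSP deployment populates the same value is an assumption to verify in your environment.

```powershell
# Added example, not from the thread. Run in an elevated PowerShell session.
# Registry location used by the Group Policy setting "Deny write access to
# removable drives not protected by BitLocker" (value 1 = enforced).
$FvePolicyKey = 'HKLM:\SYSTEM\CurrentControlSet\Policies\Microsoft\FVE'
$ValueName    = 'RDVDenyWriteAccess'

function Get-RdvDenyWriteState {
    $item = Get-ItemProperty -Path $FvePolicyKey -Name $ValueName -ErrorAction SilentlyContinue
    if ($null -eq $item)        { return 'NotConfigured' }
    if ($item.$ValueName -eq 1) { return 'Enforced' }
    return 'Disabled'
}

function Test-VolumeWritable {
    param([string]$Root)
    # Probe with a uniquely named empty file and remove it straight away.
    $probe = Join-Path $Root ("rdv-probe-{0}.tmp" -f [guid]::NewGuid())
    try {
        New-Item -Path $probe -ItemType File -ErrorAction Stop | Out-Null
        Remove-Item -Path $probe -Force -ErrorAction SilentlyContinue
        return $true
    } catch {
        return $false
    }
}

$policy = Get-RdvDenyWriteState
Write-Output "RDVDenyWriteAccess policy: $policy"

# Report each mounted removable volume: BitLocker state and actual writability.
Get-Volume | Where-Object { $_.DriveType -eq 'Removable' -and $_.DriveLetter } | ForEach-Object {
    $mount     = "$($_.DriveLetter):"
    $blv       = Get-BitLockerVolume -MountPoint $mount -ErrorAction SilentlyContinue
    # A locked BitLocker drive does not report 'On' and is not writable either.
    $protected = ($null -ne $blv) -and ($blv.ProtectionStatus -eq 'On')
    $writable  = Test-VolumeWritable -Root "$mount\"
    [pscustomobject]@{
        Drive              = $mount
        BitLockerProtected = $protected
        Writable           = $writable
        # Unprotected but still writable while the policy is enforced means a gap.
        PolicyGap          = ($policy -eq 'Enforced') -and (-not $protected) -and $writable
    }
}
```

Plug in one unencrypted and one BitLocker-protected USB drive before running; with the policy enforced, the unencrypted drive should report `Writable = False` and no row should show `PolicyGap = True`.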
Monday, January 22, 2018 10:58 AM
Both Andy’s and Ronald’s solutions are correct; I’ve used this policy before, and the USB volumes are read-only when set up.
Thursday, February 6, 2020 2:30 AM
You can block Removable storage as suggested in this document: https://docs.microsoft.com/en-us/intune/configuration/device-restrictions-windows-10
Bear in mind that once the setting is set to Block, there is no way you can revert it via Intune.