BitLocker encryption to USB external device using Intune


Hi Team,

We have got a request to enable BitLocker encryption for the USB external device using Intune.

We have an option in Intune to set; please advise if anyone has done the setup successfully.



Answers ( 3 )

  1. Hello – I’m not sure I have noticed that option to encrypt a USB drive with Intune policies.

    You can disable the USB drive with Intune policies.
    You can put a lot more control on USB drives with Defender ATP policies.

    Can you provide more details about which Intune policy you are referring to?


      Hi Anoop,

      I am referring to Endpoint protection -> Windows Encryption. We have a few options to encrypt the OS Drive, Fixed Drive and Removable Drive through this policy.
      I am trying to achieve encryption for the removable drive, but I am not sure which settings are to be set.


      • Hello Alex – I see what you mean … This is the policy you are referring to … I have not played around with this yet.

        BitLocker – Removable Drive Settings
        BitLocker removable drive policy – Configure or Not configured
        Configure encryption method for removable data-drives
        Block write access to removable data-drives not protected by BitLocker – Yes/Not configured
        Block write access to devices configured in another organization

        BitLocker removable drive policy
        This policy setting is used to control the encryption method and cipher strength. The values of this policy determine the strength of the cipher that BitLocker uses for encryption. Enterprises may want to control the encryption level for increased security (AES-256 is stronger than AES-128). If you enable this setting, you will be able to configure an encryption algorithm and key cipher strength for fixed data drives, operating system drives, and removable data drives individually.

        For fixed and operating system drives, we recommend that you use the XTS-AES algorithm. For removable drives, you should use AES-CBC 128-bit or AES-CBC 256-bit if the drive will be used in other devices that are not running Windows 10, version 1511 or later. Changing the encryption method has no effect if the drive is already encrypted or if encryption is in progress. In these cases, this policy setting is ignored.
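An added example, not part of the original thread or of the quoted policy text: a PowerShell audit that lists removable volumes and reports which are unencrypted or use a cipher other than the one the policy is meant to enforce, since the quoted text notes that a changed encryption method is ignored for drives that are already encrypted. The function names, the sample volumes and the allowed-method list (AES-CBC, following the quoted guidance for drives shared with older systems) are assumptions for illustration; `Get-Volume` and `Get-BitLockerVolume` are the built-in cmdlets.

```powershell
# Added example: audit removable drives against the removable-drive policy text above.
# $AllowedMethods is an assumption (AES-CBC, for drives also used on pre-1511 Windows).
function Test-RemovableDriveEncryption {
    param(
        [Parameter(Mandatory)] [object[]] $Volume,
        [string[]] $AllowedMethods = @('Aes128', 'Aes256')
    )
    foreach ($v in $Volume) {
        $finding = if ($v.VolumeStatus -eq 'FullyDecrypted') {
            'NotEncrypted'
        } elseif ($v.VolumeStatus -ne 'FullyEncrypted') {
            'EncryptionNotComplete'   # any other state, e.g. in progress or paused
        } elseif ($AllowedMethods -notcontains [string]$v.EncryptionMethod) {
            'MethodMismatch'          # already encrypted, so a policy change is ignored
        } else {
            'Compliant'
        }
        [pscustomobject]@{
            MountPoint       = $v.MountPoint
            EncryptionMethod = [string]$v.EncryptionMethod
            Finding          = $finding
        }
    }
}

function Get-RemovableBitLockerVolume {
    # Needs an elevated session; relies on the Storage and BitLocker modules.
    Get-Volume |
        Where-Object { $_.DriveType -eq 'Removable' -and $_.DriveLetter } |
        ForEach-Object { Get-BitLockerVolume -MountPoint "$($_.DriveLetter):" }
}

# Constructed sample input, shaped like Get-BitLockerVolume output, so the
# check can be run without a USB drive attached.
$sample = @(
    [pscustomobject]@{ MountPoint = 'E:'; VolumeStatus = 'FullyEncrypted'; EncryptionMethod = 'Aes256' }
    [pscustomobject]@{ MountPoint = 'F:'; VolumeStatus = 'FullyEncrypted'; EncryptionMethod = 'XtsAes128' }
    [pscustomobject]@{ MountPoint = 'G:'; VolumeStatus = 'FullyDecrypted'; EncryptionMethod = 'None' }
)
Test-RemovableDriveEncryption -Volume $sample | Format-Table -AutoSize

# On a managed device (elevated):
# Test-RemovableDriveEncryption -Volume (Get-RemovableBitLockerVolume)
```

With the constructed sample, E: is reported as Compliant, F: as MethodMismatch and G: as NotEncrypted.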
