BitLocker encryption to USB external device using Intune
Question
Hi Team,
We have got a request to enable BitLocker encryption for USB external devices using Intune.
We have an option in Intune to set; please advise if anyone has done the setup successfully.
Thanks,
A
Answers ( 3 )
Hello – I’m not sure I have noticed that option to encrypt USB drives with Intune policies.
You can disable the USB drive with Intune policies.
You can put a lot more control on USB drives with Defender ATP policies.
Can you provide more details about which Intune policy that you are referring to?
Hi Anoop,
I am referring to Endpoint protection -> Windows Encryption. We have a few options to encrypt OS Drive, Fixed Drive and Removable Drive through this policy.
I am trying to achieve encryption for removable drives, but I am not sure which settings are to be set.
Thanks,
A
Hello Alex – I see what you mean … This is the policy you are referring to … I have not played around with this yet.
BitLocker – Removable Drive Settings
BitLocker removable drive policy – Configure or Not configured
Configure encryption method for removable data-drives
Block write access to removable data-drives not protected by BitLocker – Yes/Not configured
Block write access to devices configured in another organization
BitLocker removable drive policy
This policy setting is used to control the encryption method and cipher strength. The values of this policy determine the strength of the cipher that BitLocker uses for encryption. Enterprises may want to control the encryption level for increased security (AES-256 is stronger than AES-128). If you enable this setting, you will be able to configure an encryption algorithm and key cipher strength for fixed data drives, operating system drives, and removable data drives individually.
For fixed and operating system drives, we recommend that you use the XTS-AES algorithm. For removable drives, you should use AES-CBC 128-bit or AES-CBC 256-bit if the drive will be used in other devices that are not running Windows 10, version 1511 or later. Changing the encryption method has no effect if the drive is already encrypted or if encryption is in progress. In these cases, this policy setting is ignored.
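A check an administrator could run on an endpoint after assigning the removable-drive policy discussed above (an added example, not part of the original thread or of Microsoft's documentation). The function name `Test-RemovableDriveEncryption` is hypothetical and the sample volumes are constructed; the property names match those returned by `Get-BitLockerVolume`.

```powershell
# Added example: flags removable volumes that do not meet the guidance quoted
# above (drive encrypted and protected, and AES-CBC rather than XTS-AES when
# the drive must be readable on systems older than Windows 10 version 1511).
function Test-RemovableDriveEncryption {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        $Volume,
        # Set when drives are also used on pre-1511 systems.
        [switch] $RequireLegacyCompatible
    )
    process {
        $method = [string]$Volume.EncryptionMethod
        $finding = if ([string]$Volume.VolumeStatus -ne 'FullyEncrypted') {
            'NotFullyEncrypted'
        } elseif ([string]$Volume.ProtectionStatus -ne 'On') {
            'ProtectionOff'
        } elseif ($RequireLegacyCompatible -and $method -like 'Xts*') {
            'XtsNotReadableOnOlderWindows'
        } else {
            'OK'
        }
        [pscustomobject]@{
            MountPoint       = $Volume.MountPoint
            EncryptionMethod = $method
            Finding          = $finding
        }
    }
}

# Constructed sample volumes so the logic can be exercised offline.
$sample = @(
    [pscustomobject]@{ MountPoint = 'E:'; VolumeStatus = 'FullyEncrypted'; ProtectionStatus = 'On';  EncryptionMethod = 'Aes128' }
    [pscustomobject]@{ MountPoint = 'F:'; VolumeStatus = 'FullyEncrypted'; ProtectionStatus = 'On';  EncryptionMethod = 'XtsAes256' }
    [pscustomobject]@{ MountPoint = 'G:'; VolumeStatus = 'FullyDecrypted'; ProtectionStatus = 'Off'; EncryptionMethod = 'None' }
)
$sample | Test-RemovableDriveEncryption -RequireLegacyCompatible | Format-Table -AutoSize

# Live use on an endpoint (elevated session required for Get-BitLockerVolume):
# Get-Volume | Where-Object { $_.DriveType -eq 'Removable' -and $_.DriveLetter } |
#     ForEach-Object { Get-BitLockerVolume -MountPoint "$($_.DriveLetter):" } |
#     Test-RemovableDriveEncryption -RequireLegacyCompatible
```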