Do I need to add the key and if so, is it just a DWord or something else? I don't see PreventDeviceEncryption as an option.
Just to ask, this won't cause the main workstation to lose encryption?
This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
At some point I setup Intune to require USB drives to be bitlocker encrypted but I can't find where I did that, and all the places documentation has sent me, the policy is not there. I am guessing at some point in the past. I had enabled this and then disabled it later months ago and forgot about it.
In one article I saw mention that makes it look like even if I had removed the requirement a registry change had been made. If this is true, where would the key be to change it to not be required. I am running Windows 10 Enterprise.
Doesn't look like it can be done from what I have seen and read, but is there a way to have an encrypted bitlocker USB to auto-unlock in the system it was bitlockered? Don't want to deal with passwords.
Do I need to add the key and if so, is it just a DWord or something else? I don't see PreventDeviceEncryption as an option.
Just to ask, this won't cause the main workstation to lose encryption?
@Jon Mercer, Thanks for posting in Q&A. Yes, your understanding is correct. In fact, Intune settings are based on the Windows configuration service provider (CSPs). The behavior depends on the CSP. Some CSPs remove the setting, and some CSPs keep the setting, also called tattooing.
For the BitLocker setting, it is tattooing.
To disable the requirement for USB drives to be BitLocker encrypted, you can check the registry key PreventDeviceEncryption. You can update the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\BitLocker registry key and set the value of PreventDeviceEncryption to False. This should disable the requirement for USB drives to be BitLocker encrypted.
If the USB is already encrypted, to disable it, you need to turn off BitLocker. But you have your BitLocker PIN or password entered to decrypt the USB drive. And I don't find the method to auto-lock it. So I think you still need to ask end user to enter their BitLocker password or PIN.
https://recoverit.wondershare.com/harddrive-recovery/how-to-disable-bitlocker-windows-10.html
Note: non-Microsoft link, just for the reference.
Hope the above information can help.
If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.