Need to create BitLocker policy for USB write access with encryption

TechUST 601 Reputation points
2023-12-20T03:49:01.7233333+00:00

Hi, can we create a BitLocker policy in Intune for read/write access on removable drives with encryption? I can create a policy for USB read/write access without encryption. Can you suggest if this setting will work for USB read/write access with encryption?

Microsoft Security Intune Configuration
Microsoft Security Intune Other

2 answers

  1. Crystal Lee Morgan 380 Reputation points
    2023-12-20T18:05:46.15+00:00

    @TechUST

    Yes, you can create a BitLocker policy in Intune to allow read/write access on removable drives with encryption. To do this, you can follow the steps below:

    1. Sign in to the Azure portal using the credentials for your Azure subscription.
    2. Select Intune and then select Device configuration.
    3. Select Profiles and then select Create profile.
    4. In the Create a profile page, select Windows 10 and later as the platform and Endpoint protection as the profile type.
    5. In the Endpoint protection page, select BitLocker and then select Removable drive policy.
    6. In the Removable drive policy page, select Allow write access to removable drives and then select Encrypt removable drives.
    7. Configure any other settings that you want to apply to the policy.
    8. Select Create to create the policy.

    Once you’ve created the policy, you can assign it to the devices that you want to apply the policy to. The policy will then be applied to the devices and the devices will be able to read/write to removable drives with encryption.

    I hope this helps!


  2. ZhoumingDuan-MSFT 17,165 Reputation points Microsoft External Staff
    2023-12-21T02:10:16.0466667+00:00

    @TechUST, thanks for posting in Q&A.

    From your description, I know you want to create a BitLocker policy in Intune for read/write access on removable drives with encryption.

    Based on my research, the "Control use of BitLocker on removable drives" setting controls the use of BitLocker on removable data drives, and it will be applied when you turn on BitLocker.

    You can enable "Allow users to apply BitLocker protection on removable data drives" to permit the user to run the BitLocker setup wizard on a removable data drive and enable "Allow users to suspend and decrypt BitLocker on removable data drives" to permit the user to remove BitLocker Drive encryption from the drive or suspend the encryption while maintenance is performed.

    Also, please note that the policy is only available for device groups.

    https://learn.microsoft.com/en-us/windows/client-management/mdm/bitlocker-csp?WT.mc_id=Portal-fx#removabledrivesconfigurebde

    Hope the above information is helpful.

    If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".

    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
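
One way to confirm the outcome on a device after the policy has synced, as an added example that is not part of either answer or of Microsoft's documentation. It uses the built-in `Get-Volume` and `Get-BitLockerVolume` cmdlets; the function name `Get-RemovableBitLockerStatus` and the `Encrypted` and `Note` columns are hypothetical.

```powershell
#Requires -RunAsAdministrator
# Added example: report the BitLocker state of every removable volume on this device,
# so an admin can confirm that drives users write to are actually encrypted.
# Caveat: some USB hard disks are reported as DriveType 'Fixed' and are not listed here.

function Get-RemovableBitLockerStatus {
    # Volumes that Windows classifies as removable and that have a drive letter.
    $removable = Get-Volume |
        Where-Object { $_.DriveType -eq 'Removable' -and $_.DriveLetter }

    foreach ($vol in $removable) {
        $mount = "$($vol.DriveLetter):"
        try {
            $blv = Get-BitLockerVolume -MountPoint $mount -ErrorAction Stop
        } catch {
            # The volume could not be queried (for example, media removed mid-scan).
            [pscustomobject]@{
                MountPoint = $mount; VolumeStatus = $null; ProtectionStatus = $null
                LockStatus = $null;  Encrypted = $false;   Note = $_.Exception.Message
            }
            continue
        }

        # A locked volume is BitLocker-protected even though its status fields
        # cannot be read until it is unlocked.
        $locked    = $blv.LockStatus -eq 'Locked'
        $encrypted = $locked -or
                     ($blv.VolumeStatus -eq 'FullyEncrypted' -and
                      $blv.ProtectionStatus -eq 'On')

        [pscustomobject]@{
            MountPoint       = $mount
            VolumeStatus     = $blv.VolumeStatus
            ProtectionStatus = $blv.ProtectionStatus
            LockStatus       = $blv.LockStatus
            Encrypted        = $encrypted
            Note             = if ($encrypted) { 'OK' } else { 'Not protected by BitLocker' }
        }
    }
}

# List every removable volume, unprotected ones first.
Get-RemovableBitLockerStatus | Sort-Object Encrypted | Format-Table -AutoSize
```

Run it from an elevated PowerShell session on a targeted device with a USB drive inserted; a drive that is still encrypting or has protection suspended is reported as not protected.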

