
Intune Bitlocker for USB/external drive (Missing policy for Azure AD Join scenario)

Pa_D 1,076 Reputation points
2021-05-04T16:53:39.28+00:00

When we enable "Block write access to devices configured in another organization" in the Intune BitLocker policy, we also need to deploy an on-prem GPO, "Provide unique identifier for your organization". This will allow the PC to differentiate the org it belongs to.

"Provide unique identifier for your organization" is missing in Intune. Because of this, we cannot use the "Block write access to devices configured in another organization" policy.

Looking for suggestions on how we can implement "Block write access to devices configured in another organization" in Intune for Azure AD Join (not hybrid domain join).

Windows for business | Windows Client for IT Pros | Devices and deployment | Configure application groups
Microsoft Security | Intune | Configuration
Microsoft Security | Intune | Other

Answer accepted by question author
  1. Lu Dai-MSFT 28,531 Reputation points
    2021-05-05T03:07:01.353+00:00

    @Pa_D Thanks for posting in our Q&A.

    For this issue, there is currently no method to configure "Provide unique identifier for your organization" via Intune. I found that someone has the same requirement in Intune UserVoice. We can vote here. This is a place to collect customers' requirements and problems.
    https://microsoftintune.uservoice.com/forums/291681-ideas/suggestions/41469799-bitlocker-policy-provide-the-unique-identifiers-f

    Given this situation, I just have an idea. Maybe we can write PowerShell scripts to set "Provide unique identifier for your organization" and deploy the PowerShell scripts via Intune.


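One way to implement the script idea from the accepted answer, as an added example that is not part of the original thread and not Microsoft's own code. It assumes the GPO writes the values `IdentificationField`, `IdentificationFieldString` and `SecondaryIdentificationField` under `HKLM:\SOFTWARE\Policies\Microsoft\FVE`, and `CONTOSO` is a placeholder identifier:

```powershell
# Added example: sets the registry values assumed to back the GPO
# "Provide the unique identifiers for your organization".
# Run elevated (an Intune device script runs as SYSTEM by default).
param(
    [string]$OrgId      = 'CONTOSO',  # placeholder: BitLocker identification field
    [string]$AllowedIds = 'CONTOSO'   # placeholder: allowed identification field(s), comma-separated
)
$ErrorActionPreference = 'Stop'
$fve = 'HKLM:\SOFTWARE\Policies\Microsoft\FVE'   # assumed policy key

# The identification field is limited to 260 characters.
foreach ($v in $OrgId, $AllowedIds) {
    if ([string]::IsNullOrWhiteSpace($v) -or $v.Length -gt 260) {
        throw "Identifier must be 1-260 characters: '$v'"
    }
}

if (-not (Test-Path $fve)) { New-Item -Path $fve -Force | Out-Null }

$desired = [ordered]@{
    IdentificationField          = @{ Type = 'DWord';  Value = 1 }           # enable the policy
    IdentificationFieldString    = @{ Type = 'String'; Value = $OrgId }
    SecondaryIdentificationField = @{ Type = 'String'; Value = $AllowedIds }
}
foreach ($name in $desired.Keys) {
    New-ItemProperty -Path $fve -Name $name -PropertyType $desired[$name].Type `
        -Value $desired[$name].Value -Force | Out-Null
}

# Read the values back and fail loudly on a mismatch, so a partial write
# does not leave the cross-organization write block silently ineffective.
$actual = Get-ItemProperty -Path $fve
foreach ($name in $desired.Keys) {
    if ($actual.$name -ne $desired[$name].Value) {
        throw "Verification failed for $name"
    }
}
Write-Output "BitLocker identification field set to '$OrgId'"
```

Drives that were already BitLocker-protected before the identifier was configured do not carry it; `manage-bde -SetIdentifier <drive>:` stamps the configured value onto an existing volume.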

1 additional answer

  1. midsommaria 1 Reputation point Microsoft Employee
    2022-12-08T17:58:59.523+00:00

    This is already possible by creating a configuration profile from the settings catalog.
