Intune Bitlocker for USB/external drive (Missing policy for Azure AD Join scenario)

Pa_D 1,071 Reputation points
2021-05-04T16:53:39.28+00:00

When we enable "Block write access to devices configured in another organization" in the Intune BitLocker policy:

[image: screenshot of the Intune BitLocker policy setting]

We also need to deploy an on-prem GPO, "Provide unique identifier for your organization". This allows the PC to tell which organization it belongs to.

[image: screenshot of the "Provide unique identifier for your organization" GPO]

"Provide unique identifier for your organization" is missing in Intune. Because of this, we cannot use the "Block write access to devices configured in another organization" policy.

Looking for suggestions on how to implement "Block write access to devices configured in another organization" in Intune for Azure AD join (not hybrid domain join).


Accepted answer
Lu Dai-MSFT 28,431 Reputation points
2021-05-05T03:07:01.353+00:00

@Pa_D Thanks for posting in our Q&A.

For this issue, currently there is no method to configure "Provide unique identifier for your organization" via Intune. I found someone with the same requirement on Intune UserVoice. We can vote here. This is a place to collect customers' requirements and problems.
https://microsoftintune.uservoice.com/forums/291681-ideas/suggestions/41469799-bitlocker-policy-provide-the-unique-identifiers-f

Given this situation, I just have an idea. Maybe we can write PowerShell scripts to set "Provide unique identifier for your organization" and deploy the PowerShell scripts via Intune.

If the response is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

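The accepted answer suggests a PowerShell script deployed through Intune as a workaround. The following is an added example, not code from the thread or from Microsoft, of what such a script would do: it writes the same registry values under HKLM\SOFTWARE\Policies\Microsoft\FVE that the "Provide the unique identifiers for your organization" GPO sets (IdentificationField, IdentificationFieldString and SecondaryIdentificationField), so that "Block write access to devices configured in another organization" has an identifier to compare against. The identifier strings are placeholders you would replace with your own values; the script assumes it runs elevated (Intune runs PowerShell scripts as SYSTEM).

```powershell
# Added example (not from the thread or from Microsoft): writes the registry
# values behind the "Provide the unique identifiers for your organization" GPO.
# Run elevated; Intune's PowerShell script deployment runs it as SYSTEM.
# Both identifier values below are placeholders - replace them with your own.
$OrgId         = 'CONTOSO-BITLOCKER-ORG'   # placeholder: identification field for this org
$AllowedOrgIds = 'CONTOSO-BITLOCKER-ORG'   # placeholder: comma-separated allowed identification fields

$FveKey = 'HKLM:\SOFTWARE\Policies\Microsoft\FVE'

# The policy key does not exist until some BitLocker policy has been written.
if (-not (Test-Path -Path $FveKey)) {
    New-Item -Path $FveKey -Force | Out-Null
}

# IdentificationField = 1 turns the setting on; the two strings carry the IDs.
Set-ItemProperty -Path $FveKey -Name 'IdentificationField'          -Value 1              -Type DWord
Set-ItemProperty -Path $FveKey -Name 'IdentificationFieldString'    -Value $OrgId         -Type String
Set-ItemProperty -Path $FveKey -Name 'SecondaryIdentificationField' -Value $AllowedOrgIds -Type String

# Read the values back so the Intune script status reflects whether the write took effect.
$current = Get-ItemProperty -Path $FveKey
if ($current.IdentificationField -eq 1 -and
    $current.IdentificationFieldString -eq $OrgId -and
    $current.SecondaryIdentificationField -eq $AllowedOrgIds) {
    Write-Output "BitLocker organization identifier set to '$OrgId' (allowed: '$AllowedOrgIds')"
    exit 0
} else {
    Write-Error "Failed to set the BitLocker organization identifier under $FveKey"
    exit 1
}
```

Two caveats worth knowing before relying on this. First, the identifier is stamped onto a removable drive when BitLocker is enabled on it; drives encrypted before the value was set do not carry it, and `manage-bde -SetIdentifier <drive>:` applies the currently configured identifier to such a drive. Second, a script-written registry value is not a managed policy: Intune does not report it as a setting, does not remediate drift, and a later Intune BitLocker policy that owns the same key can overwrite it, so the script is a stopgap until the setting is available natively.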

1 additional answer

rocketnumber9 1 Reputation point Microsoft Employee
2022-12-08T17:58:59.523+00:00

This is already possible by creating a configuration profile from the Settings Catalog:

[image: screenshot of the Settings Catalog setting]
