Problem Statement
We are about to new on Intune, We want to know if there is any Intune configuration policy that can disable USB drive if that drive does not use BitLocker encryption. All computers are using Windows 10 Professional. Can you please help me out in this case because we have been finding such policy to protect our client systems and drives
Solution Statment
Microsoft Intune provides you the option “deny write access to removable data-drive not protected by BitLocker “. The USB drive will be mounted as read-only. But if you are looking exactly settings what you wrote in your problem, then there is not such Intune configuration setting available in Intune. Moreover, the problem is, you can not avail this setting either because you are using windows 10 pro and this setting is not available in windows 10 pro.
If you have windows 10 Enterprise, business and education, then you can configure this option by going to Device Configuration –> Profiles –> Endpoint Protection –> Windows Encryption. You can block the write access to removable device-drive not protected by BitLocker. By default, this setting comes up with the disbable state.
You can also do the same thing by using CSP Policy as given below