Security News > 2022 > March > Windows 11 adds a BitLocker exclusion policy for USB drives
Microsoft has released a new Windows 11 build with a long list of changes, improvements, and fixes for known issues, available for all Windows Insiders that will install the Windows 11 Insider Preview Build 22579 pushed to the Dev Channel.
The build's highlight is a new policy for Windows admins who want to exclude USB removable drives from BitLocker encryption.
"When this policy is enabled, you will not be able to encrypt storage that is on the exclusion list, and you will not be prompted for encryption if you connect such storage to a device while 'Deny write access to removable drives not protected by BitLocker' policy is enabled on it."
The new policy can only be configured by IT administrators via mobile device management and Windows client custom profiles using OMA-URI settings.
The detailed procedure admins have to go through to exclude storage from encryption requires them to gather the Hardware IDs of the devices they want to exclude and to configure the BitLocker Exclusion list Policy in Intune using the steps detailed in today's announcement.
Microsoft asked Windows Insiders who will give the new policy a spin to file any feedback they have using the Feedback Hub under Security and Privacy > BitLocker and Device Encryption.