Hello,
we are in process of looking to deploy bitlocker to go in lieu of an existing encryption application.
We would deploy using Endpoint Manager to Azure-AD joined Devices, with Defender ATP running as security application.
I have a Security Policy currently that enables Bitlocker To-Go on Removable Media Drives; policy now will all users to connect non-encrypted drives, but will require the drive to be encrypted in order to write data to it from the AAD-joined machine. This works as expected, but it has raised some questions for me:
1) Can we prevent opening of removeable media drives on non AAD-joined devices? Need is to restrict the opening of corporate thumb drives to only corporate machines, and not allow the drive to be accessible from personal pc's.
2) is only encryption method a password? can a "corporate key" be created that...