Tracing Settings

%3CLINGO-SUB%20id%3D%22lingo-sub-655746%22%20slang%3D%22en-US%22%3ETracing%20Settings%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-655746%22%20slang%3D%22en-US%22%3E%3CP%3EHow%20to%20map%20from%20a%20setting%20back%20to%20the%20policy%20that%20set%20it%3F%3C%2FP%3E%3CP%3EI%20have%20two%20users%20using%20a%20Laptop%2C%20the%20laptop%20is%20Intune%20managed%20and%20compliant%2C%20when%20one%20user%20plugs%20in%20a%20USB%20drive%2C%20Bitlocker%20pops%20up%20makes%20the%20drive%20read%20only%20until%20it%20is%20encrypted.%20When%20the%20other%20user%20plugs%20in%20the%20drive%20there's%20no%20sign%20of%20Bitlocker%20and%20the%20drive%20is%20writeable.%20The%20issue%20is%20consistent%20across%20different%20Laptops%20and%20with%20different%20USB%20drives.%20All%20the%20laptops%20have%20encrypted%20OS%20drives.%20It%20would%20appear%20to%20me%20that%20one%20user%20has%20a%20policy%20that%20is%20enforcing%20encryption%20of%20removable%20drives%2C%20so%20I've%20tried%20removing%20policies%20but%20so%20far%20have%20failed%20to%20trace%20this.%20With%20Group%20Policies%20we%20had%20RSOP%20which%20would%20show%20which%20was%20the%20winning%20GP%20.%20Is%20there%20something%20similar%20under%20Intune.%20I've%20looked%20through%20MDMDiagReport.html%20and%20found%20%3CSPAN%3EBFF825...BB368C99A3%3D%3CENABLED%3E%3C%2FENABLED%3E%3CDATA%20id%3D%22%26quot%3BRDVCrossOrg%26quot%3B%22%20value%3D%22%26quot%3Bfalse%26quot%3B%2F%22%3E%20so%20BFF825...%20links%20back%20to%20MDMDeviceWithAAD%20under%20Config%20source%20but%20I%20can't%20see%20how%20that%20helps%3F%3C%2FDATA%3E%3C%2FSPAN%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-655746%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EIntune%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EMobile%20Device%20Management%20(MDM)%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-658477%22%20slang%3D%22en-US%22%3ERe%3A%20Tracing%20Settings%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-658477%22%20slang%3D%22en-US%22%3EAs%20an%20update%20I%20found%20this%20was%20being%20enforced%20from%20the%20Security%20Baseline%2C%20I'd%20just%20forgotten%20i'd%20assigned%20that%20to%20my%20account.%20But%20still%20these%20must%20be%20a%20way%20trace%20back%20from%20a%20setting%20to%20the%20relevant%20policy%2C%20especially%20as%20the%20Security%20Baseline%20doesn't%20show%20in%20the%20policy%20list%20under%20'Device%20compliance'%3C%2FLINGO-BODY%3E
Huw Weatherhead
New Contributor

How to map from a setting back to the policy that set it?

I have two users using a Laptop, the laptop is Intune managed and compliant, when one user plugs in a USB drive, Bitlocker pops up makes the drive read only until it is encrypted. When the other user plugs in the drive there's no sign of Bitlocker and the drive is writeable. The issue is consistent across different Laptops and with different USB drives. All the laptops have encrypted OS drives. It would appear to me that one user has a policy that is enforcing encryption of removable drives, so I've tried removing policies but so far have failed to trace this. With Group Policies we had RSOP which would show which was the winning GP . Is there something similar under Intune. I've looked through MDMDiagReport.html and found BFF825...BB368C99A3=<enabled/><data id="RDVCrossOrg" value="false"/> so BFF825... links back to MDMDeviceWithAAD under Config source but I can't see how that helps?

1 Reply
As an update I found this was being enforced from the Security Baseline, I'd just forgotten i'd assigned that to my account. But still these must be a way trace back from a setting to the relevant policy, especially as the Security Baseline doesn't show in the policy list under 'Device compliance'
Related Conversations
Stable version of Edge insider browser
HotCakeX in Discussions on
35 Replies
Tabs and Dark Mode
cjc2112 in Discussions on
30 Replies
flashing a white screen while open new tab
Deleted in Discussions on
14 Replies
Security Community Webinars
Valon_Kolica in Security, Privacy & Compliance on
7 Replies