This policy setting allows you to manage whether or not to scan for malicious software and unwanted software in the contents of removable drives, such as USB flash drives, when running a full scan. The recommended state for this setting is: Enabled. Rationale: It is important to ensure that any present removable drives are always included in any type of scan, as removable drives are more likely to contain malicious software brought in to the enterprise managed environment from an external, unmanaged computer. Impact: Removable drives will be scanned during any type of scan by Microsoft Defender Antivirus.
Solution
To establish the recommended configuration, set the following Device Configuration Policy to Enabled: To access the Device Configuration Policy from the Intune Home page: Click Devices Click Configuration profiles Click Create profile Select the platform (Windows 10 and later) Select the profile (Administrative Templates) Click Create Enter a Name Click Next Configure the following Setting Path: Computer Configuration\Windows Components\Microsoft Defender Antivirus\Scan Setting Name: Scan removable drives Configuration: Enabled Select OK Continue through the Wizard to complete the creation of the profile (profile assignments, applicability etc.) Note: More than one configuration setting from each of the Configuration profiles (ex: Administrative Templates, Custom etc.) can be added to each Device Configuration Policy. Default Value: Disabled. (Removable drives will not be scanned during a full scan. Removable drives may still be scanned during quick scan and custom scan.)