How to Hide Specific Drives with Microsoft Intune

Managing and securing devices in an organization is crucial, and Microsoft Intune provides a robust solution for this. One common requirement is to hide specific drives on users’ devices to prevent unauthorized access or to streamline the user experience. Here’s a step-by-step guide on how to achieve this using Microsoft Intune.

Why Hide Drives?

Hiding drives can help:

• Enhance Security: Prevent users from accessing sensitive data.
• Simplify User Experience: Reduce clutter by hiding unnecessary drives.
• Compliance: Ensure users store data in designated locations.

Steps to Hide Specific Drives Using Microsoft Intune

1. Create a Configuration Profile:
   • Sign in to the Microsoft Intune admin center.
   • Navigate to Devices > Manage Devices > Configuration > Policies > + Create > .
   • Select Windows 10 and later as the platform and Templates as the profile type.
   • Choose Administrative Templates and click Create.
2. Configure the Policy:
   • In the Administrative Templates section, go to All Settings.
   • Find the setting Hide these specified drives in My Computer.
   • Enable this setting and select the drives you want to hide from the dropdown menu (e.g., Restrict C drive only).
     
3. Assign the Profile:
   • After configuring the policy, assign it to the appropriate user or device groups.
   • Review and create the profile.
4. Deploy the Profile:
   • Once the profile is created, it will be deployed to the assigned groups.
   • Users will need to restart their devices for the changes to take effect.

Using PowerShell Scripts

If the required settings are not available in the Administrative Templates, you can use PowerShell scripts to modify the registry:

1. Create a PowerShell Script:

   New-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" -Name "NoDrives" -Value 4 -PropertyType DWORD -Force
   

   The value 4 hides the D drive. Adjust the value according to the drive you want to hide.

2. Deploy the Script via Intune:
   • In the Intune admin center, go to Devices > Manage devices > Scripts and Remediations > Platform Scripts > Add.
   • Upload your PowerShell script and assign it to the necessary groups.

Conclusion

Hiding specific drives using Microsoft Intune is a straightforward process that enhances security and simplifies the user experience. By leveraging configuration profiles or PowerShell scripts, administrators can effectively manage device settings across their organization.