12. Enable Bitlocker on USB drives over RDP
By default, bitlocker does not allow encryption to be enabled on USB devices over RDP connections – this happens because RDP treats USB drives as mapped network drives and not external drives. This enables direct drive access for RDP connections. This is unsafe.
Enable bitlocker on usb drives over rdp policy
Computer Configuration › Administrative Templates › System › Removable Storage Access
All Removable Storage: Allow direct access in remote sessions