Blocking execution of Autorun with Windows Defender?

Autorun was disabled around Vista onwards for reasons of malware risk.

How AutoRun Malware Became a Problem on Windows, and How It Was (Mostly) Fixed

To replicate that functionality you need a third party program, as I understand it.
How to Auto-Run Windows Programs When You Plug In a USB Drive
How to Make Windows Autorun USB Flash Drives • Raymond.CC

However, it may be you're asking the converse question- how can it be disabled..?

What behaviour are you experiencing if you plug in a flash drive?

I don't think you're referring to Autoplay, which is quite different, as you mention 'Autorun commands'.

Windows Defender has an anti ransomware facility called Controlled Folder Access that can help mitigate external USB activity.
Up to W10 1803 it's a bit clunky as you have to go into Event Viewer to see the full file path of blocked access events (I.D 1123) and then whitelist the file path in Defender if happy it is legit.
Apparently from 1809 onwards it is all whitelistable from within defender, so much easier. (Thanks to @Bree for that nugget).

Another option is to use individually switchable USB hubs into your USB sockets, keeping them off until needed.
It won't stop a malicious actor who knows what they are doing but for casual security to stop kids etc. plugging in random flash drives et al it would work, and also for things like webcams, microphones.

If you have Home, there should be registry settings corresponding to the group policy settings, where you could disable Autorun.

The registry key and information on using it are towards the end of this MS article, which should let you disable Autorun completely.

See under this heading:
How to disable or enable all Autorun features in Windows 7 and other operating systems

https://support.microsoft.com/en-gb/...ity-in-windows


This is how that group policy is described: Note the default behaviour at the bottom.

This policy setting sets the default behavior for Autorun commands.

Autorun commands are generally stored in autorun.inf files. They often launch the installation program or other routines.

Prior to Windows Vista, when media containing an autorun command is inserted, the system will automatically execute the program without user intervention.

This creates a major security concern as code may be executed without user's knowledge. The default behavior starting with Windows Vista is to prompt the user whether autorun command is to be run. The autorun command is represented as a handler in the Autoplay dialog.

If you enable this policy setting, an Administrator can change the default Windows Vista or later behavior for autorun to:

a) Completely disable autorun commands, or
b) Revert back to pre-Windows Vista behavior of automatically executing the autorun command.

If you disable or not configure this policy setting, Windows Vista or later will prompt the user whether autorun command is to be run.

Look at a BIOS password also...https://www.howtogeek.com/186235/how...uefi-password/

And U2F keys, FIDO et al with pre-boot authorisation.