Controlled Folder Access is a Windows Defender ATP component that protects rogue programs from writing to your Documents, Pictures and other profile related personal document folders. The idea being that if you were unlucky enough to run a crypto locker then it would be blocked from encrypting all your personal files.
Microsoft says that the component is intelligent enough to allow Microsoft processes through. However, I and many others on the forums have found this to not be the case. For this reason I have started compiling a list of processes that have thrown alerts whilst deploying and will use this going forward.
If you want to use this then you can put this into a CSV and then click import within Intune.