Forum Discussion
Block Bluetooth file transfer
Yes, you can configure the Bluetooth allowed services setting in Device control policy which is a part of Attack Surface reduction, and specify which services you want to allow. Below provides more details.
https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-bluetooth#bluetooth-servicesallowedlist
Thanks,
Si
Sohel68 Hey,
to my understanding of how we block file transfer with Bluetooth is to do not allow the file transfer service in the Device Control policy that are related to allow the file transfer. So I think I would add all Bluetooth services to the "Bluetooth allowed services" list except those which would allow the file transfer.So, do not add the following Bluetooth services to the "Bluetooth allowed services" list:
The ID´s that you should not add to your intune policy´s Bluetooth service allow list are the following:
- 00001105-0000-1000-8000-00805F9B34FB
- 00000008-0000-1000-8000-00805F9B34FB
If you do configure all your Bluetooth services all in one policy.
It would be appreciated if some of you pros could confirm my approach and see if I'm on the right track.
Thank you.
Thank you, we are already using this service allowed method of approach only. However, we have challenge that, for specific Bluetooth models like Sony wireless headset model WH-1000XM5, WH-XB910N, etc while doing so the Voice (Mic) service alone is getting blocked. we have already added all the class service UUIDs in that Service Allowed list except File transfer but Voice (Mic) alone is not working for certain models.
Is there a way to block only Bluetooth File Transfer service alone so that all remaining services to be allowed to avoid the challenges of required services not working scenarios.
Thanks,
Sridhar L
Hii Sir
I would like a setting from Windows Active Directory to have block bluetooth but only connect bluetooth headphones which only transmits audio but no data or file sharing.
It is Possible or not...?
If it possible then please guide me...!
