Forum Discussion

Dan Van Drunen's avatar
Dan Van Drunen
Brass Contributor
Jun 21, 2017

Feature Request - Better Bluetooth management options

My organisation is struggling with figuring out the best way to manage Bluetooth. We want to enable it as it provides such a productivity benefit for our customers, but our security team is not having it.

 

What is the best way to GRANULARLY manage Bluetooth in the enterprise on a Windows 10 Enterprise laptop? (By granularly, I mean, allow only trusted devices/device types)

  • Hi there, thanks for your question!

     

    I've done some digging, looks like SCCM only lets you block or allow all bluetooth connections today. Intune also has additional granularity with configurability around allowing pre-pairing, and discoverability, as well as the ability to set the bluetooth device name.

     

    I totally realize that these don't yet cover what you are looking for (yet) :)

     

    What kind of granularity do you need around device type? Is it important to be able to specify specific, unique device BT whitelist?

    • Dan Van Drunen's avatar
      Dan Van Drunen
      Brass Contributor

      Hi Dune,

      Thanks for your response.

       

      As you mentioned, InTune can provide some options with regards to manageing Bluetooth, but it seems like a lot to install/configure/sustain *just to manage Bluetooth* on our corporate Windows 10 Enterprise laptops.

       

      Despite advbances in Bluetooth revision, my research showed that Bluetooth LE (Low Energy) devices are still considered insecure. So, I'd like to block all devices of that class. Also, if I have the option to limit to make/model of a specific keyboard, mouse, headset, stylus that our corporation would be issuing with be AMAZING. Then we wouldnt need to worry about vulnerabilities intrduced from other devices and support for the issued devices makes our lives easier.

       

      Right now, without InTune, it's all ALL, or NOTHING.

Resources