Forum Discussion
Feature Request - Better Bluetooth management options
My organisation is struggling with figuring out the best way to manage Bluetooth. We want to enable it as it provides such a productivity benefit for our customers, but our security team is not having it.
What is the best way to GRANULARLY manage Bluetooth in the enterprise on a Windows 10 Enterprise laptop? (By granularly, I mean, allow only trusted devices/device types)
- Dune DesormeauxMicrosoft
Hi there, thanks for your question!
I've done some digging, looks like SCCM only lets you block or allow all bluetooth connections today. Intune also has additional granularity with configurability around allowing pre-pairing, and discoverability, as well as the ability to set the bluetooth device name.
I totally realize that these don't yet cover what you are looking for (yet) :)
What kind of granularity do you need around device type? Is it important to be able to specify specific, unique device BT whitelist?
- Dan Van DrunenBrass Contributor
Hi Dune,
Thanks for your response.
As you mentioned, InTune can provide some options with regards to manageing Bluetooth, but it seems like a lot to install/configure/sustain *just to manage Bluetooth* on our corporate Windows 10 Enterprise laptops.
Despite advbances in Bluetooth revision, my research showed that Bluetooth LE (Low Energy) devices are still considered insecure. So, I'd like to block all devices of that class. Also, if I have the option to limit to make/model of a specific keyboard, mouse, headset, stylus that our corporation would be issuing with be AMAZING. Then we wouldnt need to worry about vulnerabilities intrduced from other devices and support for the issued devices makes our lives easier.
Right now, without InTune, it's all ALL, or NOTHING.
- Nathan MercerSteel ContributorThis should be the policy you need:
https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-configuration-service-provider#bluetooth-servicesallowedlist
But you need to track down the Bluetooth Service UUIDs for what you want to include support for.