Organizations increasingly rely on Bluetooth peripherals such as headsets, keyboards, and speakers for productivity, but unmanaged device connections pose serious risks. By configuring Windows Policy CSP for Bluetooth through Intune, IT admins can ensure that only specific, approved Bluetooth devices are allowed, while file transfer and untrusted device access are blocked to protect company data. This post is a step-by-step guide to using Intune to block (or allow) Bluetooth devices.
Why Secure Bluetooth Connections?
Bluetooth allows seamless pairing of devices, but it can also be a pathway for unauthorized file transfer, data leakage, and malicious access. For regulated sectors and companies prioritizing data protection, controlling which Bluetooth services and devices are trusted is essential.
Intune + Settings catalogue:
Microsoft Intune lets you define security policies for your managed Windows devices. To enforce restrictions at the Bluetooth service level, we can use the settings catalogue for Bluetooth, available on Pro, Enterprise, Education, and IoT editions.
Using ServicesAllowedList: Allow Only Specific Bluetooth Services
The ServicesAllowedList policy enables you to specify which Bluetooth profiles and services are permitted. This is done by listing allowed service UUIDs in canonical format, separated by semicolons.
With the following UUIDs in the list (you can add more based on your needs), devices will only be able to pair and communicate with peripherals matching these profiles; all other Bluetooth peripheral types (e.g., file transfer devices, unapproved speakers) are blocked.
| UUID | Description | Typical Use |
| --- | --- | --- |
| 0000111E-0000-1000-8000-00805F9B34FB | Hands-Free Profile (HFP): Wireless headset/hands-free support | Headsets, car kits |
| 00001203-0000-1000-8000-00805F9B34FB | Generic Audio Service: General Bluetooth audio service | Audio devices |
| 00001108-0000-1000-8000-00805F9B34FB | Headset Profile: Classic Bluetooth headset interface | |
Go to Devices > Windows > Configuration > Policies > New policy to create or edit a configuration profile.
Select Platform as Windows 10 and later and Platform Type as Settings catalog.
Enter a name and description for the profile and click Next.
In the configuration settings, click Add settings, search for Bluetooth, and allow them.
Select the following:
Allow Advertising
Allow Discoverable Mode
Allow Prepairing
Services Allowed List (with list of UUID as stated above or your custom list if you have)
Assign the policy to targeted device groups and click Next to create the policy. (TEST TEST TEST before production rollout)
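The following PowerShell is an added example, not part of the original post: it builds the semicolon-separated ServicesAllowedList string from short or full UUIDs and compares it with the value applied on a test device. The function names are hypothetical, the `-Braced` switch emits the brace-wrapped form used in Microsoft's Policy CSP documentation examples, and the registry path used to read back the applied policy is an assumption.

```powershell
# Added example (not from the original post). Function names are hypothetical.
$BaseSuffix = '-0000-1000-8000-00805F9B34FB'   # tail of the Bluetooth base UUID

function ConvertTo-BluetoothServiceUuid {
    param([Parameter(Mandatory)][string]$Value)
    $v = ($Value -replace '[{}\s]', '').ToUpperInvariant()
    if ($v -match '^(0X)?[0-9A-F]{4}$') {
        # 16-bit short form (e.g. 111E or 0x111E) -> full 128-bit canonical UUID
        return '0000' + ($v -replace '^0X', '') + $BaseSuffix
    }
    if ($v -match '^[0-9A-F]{8}-[0-9A-F]{4}-[0-9A-F]{4}-[0-9A-F]{4}-[0-9A-F]{12}$') {
        return $v
    }
    throw "Not a valid Bluetooth service UUID: '$Value'"
}

function New-ServicesAllowedList {
    param([Parameter(Mandatory)][string[]]$Service, [switch]$Braced)
    # Normalise every entry, drop duplicates, then join with semicolons
    $uuids = $Service | ForEach-Object { ConvertTo-BluetoothServiceUuid $_ } | Select-Object -Unique
    if ($Braced) { $uuids = $uuids | ForEach-Object { '{' + $_ + '}' } }
    return ($uuids -join ';')
}

function Test-ServicesAllowedList {
    param([string]$Applied, [Parameter(Mandatory)][string]$Expected)
    # Order-insensitive comparison of two policy strings (braces ignored)
    $norm = {
        param($s)
        @($s -split ';' | Where-Object { $_.Trim() } |
            ForEach-Object { ConvertTo-BluetoothServiceUuid $_ } | Sort-Object -Unique)
    }
    $a = & $norm $Applied
    $e = & $norm $Expected
    [pscustomobject]@{
        Missing    = @($e | Where-Object { $_ -notin $a })   # approved but not applied
        Unexpected = @($a | Where-Object { $_ -notin $e })   # applied but not approved
    }
}

# The three services from the table above: two short forms, one full UUID
$expected = New-ServicesAllowedList -Service '111E', '0x1203', '00001108-0000-1000-8000-00805F9B34FB' -Braced
$expected

# Assumption: MDM-delivered Bluetooth policy values are mirrored under this key.
$key = 'HKLM:\SOFTWARE\Microsoft\PolicyManager\current\device\Bluetooth'
$applied = (Get-ItemProperty -Path $key -ErrorAction SilentlyContinue).ServicesAllowedList
if ($applied) { Test-ServicesAllowedList -Applied $applied -Expected $expected }
else { Write-Warning 'No ServicesAllowedList value found on this device.' }
```

An empty `Missing` and `Unexpected` result on a pilot device means the applied list matches the approved list exactly.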
This method allows enterprise IT teams to enforce granular Bluetooth controls using Intune, meeting key security hardening and compliance requirements without sacrificing approved device functionality.
By restricting Bluetooth to only essential services, companies proactively prevent unauthorized device connections and protect sensitive data from being transferred or accessed by rogue peripherals. This approach can be tailored for different user groups or device types, ensuring both security and productivity.