How to Disable Bluetooth using Intune | MEM

In this post, I will show you how to disable Bluetooth using Intune (MEM). When you block Bluetooth access to users in Intune, you can restrict users from connecting Bluetooth devices.

By default, the users can enable Bluetooth on their computers and allow devices to connect to computers. With Intune, you can deploy a device configuration profile and completely turn off the Bluetooth access.

But why you block access to Bluetooth settings and disable it on devices? The answer is leaving the Bluetooth enabled on a device could pose a major security risk, as it leaves data vulnerable to interception. Hackers often use a Bluetooth connection to spread malicious files and viruses.

End users are unaware about these risks and hence it is critical to secure the laptops by blocking the access to Bluetooth and it’ settings.

If you are not using Intune, you can look to disable or block the Bluetooth access either via group policy or some registry tweaks. Thanks to device configuration profiles which makes it easier to disable Bluetooth using Intune with just few easy steps.

We will use the Settings catalog in Intune to deploy a profile that restricts the user to enable Bluetooth. We will test if the access to Bluetooth is disabled both on Windows 10 and Windows 11 computers.

To accomplish this, you must have access to MEM portal and permissions to create and assign the profile. Have a few test AAD groups created so that you can test the policy before deploying it to other computers.

How to Disable Bluetooth using Intune

Here are the steps to block or disable Bluetooth using Intune.

On Windows Configuration Profiles window, click Create Profile to disable Bluetooth access using Intune.

Create New Configuration Profile to Disable Bluetooth Access using Intune
Create New Configuration Profile to Disable Bluetooth Access using Intune

On the Create a Profile window, select Platform as Windows 10 and later. Select profile type as Settings catalog. Click Create.

Disable Bluetooth using Intune
Create a Profile to Disable Bluetooth access using Intune

On the Basics tab, specify the name of the profile as disable Bluetooth access, and you may add a profile description. Click Next.

Create Intune Profile
Create Intune Profile – Disable Bluetooth Access

On the Configuration Settings section, under Settings Catalog, click Add Settings.

Add Settings to block Bluetooth
Add Settings to block Bluetooth

On the Settings picker window, type “Bluetooth” in the search box and click Search. The search results include Bluetooth related settings available in Intune. Select Connectivity and select the setting “Allow Bluetooth“.

Settings Picker - Block Bluetooth Access using Intune
Settings Picker – Block Bluetooth using Intune

When you select Allow Bluetooth setting, you find the following options to choose from.

  1. Allow Bluetooth – The radio in the Bluetooth control panel will be functional, and the user will be able to Bluetooth on.
  2. Reserved – The radio in the Bluetooth control panel will be functional, and the user will be able to Bluetooth on.
  3. Disable Bluetooth -The radio in the Bluetooth control panel will be functional, and the user will not be able to Bluetooth on.

Select Disable Bluetooth setting which disables Bluetooth access for users. Click Next.

How to Disable Bluetooth using Intune
How to Disable Bluetooth using Intune

Before you go further, there are some additional settings available in Intune to manage Bluetooth settings.

Additional Bluetooth Settings available in Intune (MEM)

When you want to block Bluetooth access using Intune, you will find some additional settings that include.

Additional Bluetooth Settings available in Intune (MEM)
Additional Bluetooth Settings available in Intune (MEM)
Intune Bluetooth SettingsDescription
Allow AdvertisingSpecifies whether the device can send out Bluetooth advertisements. If this is not set or it is deleted, the default value of 1 (Allow) is used. Most restricted value is 0.
Allow Discoverable ModeSpecifies whether other Bluetooth-enabled devices can discover the device. If this is not set or it is deleted, the default value of 1 (Allow) is used. Most restricted value is 0.
Allow PrepairingSpecifies whether to allow specific bundled Bluetooth peripherals to automatically pair with the host device.
Allow Prompted Proximal ConnectionsThis policy allows the IT admin to block users on these managed devices from using Swift Pair and other proximity based scenarios.
Local Device NameSets the local Bluetooth device name. If this is set, the value that it is set to will be used as the Bluetooth device name. To verify the policy is set, open the Bluetooth control panel on the device. Then, go to another Bluetooth-enabled device, open the Bluetooth control panel, and verify that the value that was specified. If this policy is not set or it is deleted, the default local radio name is used.
Services Allowed ListSet a list of allowable services and profiles. String hex formatted array of Bluetooth service UUIDs in canonical format, delimited by semicolons.
Set Minimum Encryption Key SizeThere are multiple levels of encryption strength when pairing Bluetooth devices. This policy helps prevent weaker devices cryptographically being used in high security environments.
Bluetooth Settings available in Intune

Let’s get back to Create Profile window. On the Assignments tab, select the groups to which you want to deploy the Profile. Click Add Groups and select the groups. Click Next.

Assignments – Disallow Bluetooth using Intune
Settings Catalog – Disallow Bluetooth using Intune

In Intune, Scope tags determine which objects admins can see. On the Scope tags section, you specify scope tags. Click Next.

Scope Tags - Intune Configuration Profile
Scope Tags – Intune Configuration Profile

On the Review + Create section, review all the settings defined to block Bluetooth using Intune and click Create.

How to Disable Bluetooth using Intune
How to Disable Bluetooth using Intune

After you create a policy to block Bluetooth using Intune, a notification appears “Policy created successfully“. This confirms that we have deployed the policy to groups that should now disable Bluetooth access.

Block Bluetooth using Intune Notification
Block Bluetooth using Intune Policy Notifications

Monitor Device Profiles in Microsoft Intune

You can monitor the device profiles that you deploy in Intune. You can check the status of a profile, see which devices are assigned, and update the properties of a profile.

In the Intune portal, go to Devices > Windows > Disable Bluetooth Access profile. Under Device and user check-in status, you can check if Bluetooth access is disabled or are there any errors.

Monitor Device Profiles in Microsoft Intune
Monitor Device Profiles in Microsoft Intune

Finally, on my Windows 11 machine, I can see the Bluetooth is turned off. The setting to enable Bluetooth is greyed out. For end users, it displays a message – Some of these settings are managed by your organization.

I hope this post helps you to disable Bluetooth using Intune. For more posts on Intune, do visit the Intune category.

Bluetooth Settings Disabled on Windows 11
Bluetooth Settings Disabled on Windows 11

4 Comments

  1. Hello,

    Is possible to block Bluetooth by default, but allow user to enable it?

  2. Hello
    Could you please tell us how to turn off bluetooth file transfer and reception.
    But end user can add bluetooth devices, and peripherals exist continues to work except file transfer and reception which is disabled

  3. Hello
    Could you please tell us how to turn off bluetooth file transfer and reception.

  4. thanks for the information, is this feature only available for windows 11? or does this work on windows 10?

    Thanks

Leave a Reply

Your email address will not be published. Required fields are marked *