How to Disable Bluetooth using Intune | MEM

In this post, I will show you how to disable Bluetooth using Intune (MEM). When you block Bluetooth access to users in Intune, you can restrict users from connecting Bluetooth devices.

By default, the users can enable Bluetooth on their computers and allow devices to connect to computers. With Intune, you can deploy a device configuration profile and completely turn off the Bluetooth access.

But why you block access to Bluetooth settings and disable it on devices? The answer is leaving the Bluetooth enabled on a device could pose a major security risk, as it leaves data vulnerable to interception. Hackers often use a Bluetooth connection to spread malicious files and viruses.

End users are unaware about these risks and hence it is critical to secure the laptops by blocking the access to Bluetooth and it’ settings.

If you are not using Intune, you can look to disable or block the Bluetooth access either via group policy or some registry tweaks. Thanks to device configuration profiles which makes it easier to disable Bluetooth using Intune with just few easy steps.

We will use the Settings catalog in Intune to deploy a profile that restricts the user to enable Bluetooth. We will test if the access to Bluetooth is disabled both on Windows 10 and Windows 11 computers.

To accomplish this, you must have access to MEM portal and permissions to create and assign the profile. Have a few test AAD groups created so that you can test the policy before deploying it to other computers.

How to Disable Bluetooth using Intune

Here are the steps to block or disable Bluetooth using Intune.

• First, sign in to the Microsoft Endpoint Manager admin center.
• Go to Devices > Windows > Configuration Profiles.
• Create a new Intune Configuration profile and disable the Bluetooth access.

On Windows Configuration Profiles window, click Create Profile to disable Bluetooth access using Intune.

On the Create a Profile window, select Platform as Windows 10 and later. Select profile type as Settings catalog. Click Create.

On the Basics tab, specify the name of the profile as disable Bluetooth access, and you may add a profile description. Click Next.

On the Configuration Settings section, under Settings Catalog, click Add Settings.

On the Settings picker window, type “Bluetooth” in the search box and click Search. The search results include Bluetooth related settings available in Intune. Select Connectivity and select the setting “Allow Bluetooth“.

When you select Allow Bluetooth setting, you find the following options to choose from.

1. Allow Bluetooth – The radio in the Bluetooth control panel will be functional, and the user will be able to Bluetooth on.
2. Reserved – The radio in the Bluetooth control panel will be functional, and the user will be able to Bluetooth on.
3. Disable Bluetooth -The radio in the Bluetooth control panel will be functional, and the user will not be able to Bluetooth on.

Select Disable Bluetooth setting which disables Bluetooth access for users. Click Next.

Before you go further, there are some additional settings available in Intune to manage Bluetooth settings.

Additional Bluetooth Settings available in Intune (MEM)

When you want to block Bluetooth access using Intune, you will find some additional settings that include.

Intune Bluetooth Settings	Description
Allow Advertising	Specifies whether the device can send out Bluetooth advertisements. If this is not set or it is deleted, the default value of 1 (Allow) is used. Most restricted value is 0.
Allow Discoverable Mode	Specifies whether other Bluetooth-enabled devices can discover the device. If this is not set or it is deleted, the default value of 1 (Allow) is used. Most restricted value is 0.
Allow Prepairing	Specifies whether to allow specific bundled Bluetooth peripherals to automatically pair with the host device.
Allow Prompted Proximal Connections	This policy allows the IT admin to block users on these managed devices from using Swift Pair and other proximity based scenarios.
Local Device Name	Sets the local Bluetooth device name. If this is set, the value that it is set to will be used as the Bluetooth device name. To verify the policy is set, open the Bluetooth control panel on the device. Then, go to another Bluetooth-enabled device, open the Bluetooth control panel, and verify that the value that was specified. If this policy is not set or it is deleted, the default local radio name is used.
Services Allowed List	Set a list of allowable services and profiles. String hex formatted array of Bluetooth service UUIDs in canonical format, delimited by semicolons.
Set Minimum Encryption Key Size	There are multiple levels of encryption strength when pairing Bluetooth devices. This policy helps prevent weaker devices cryptographically being used in high security environments.

Let’s get back to Create Profile window. On the Assignments tab, select the groups to which you want to deploy the Profile. Click Add Groups and select the groups. Click Next.

In Intune, Scope tags determine which objects admins can see. On the Scope tags section, you specify scope tags. Click Next.

On the Review + Create section, review all the settings defined to block Bluetooth using Intune and click Create.

After you create a policy to block Bluetooth using Intune, a notification appears “Policy created successfully“. This confirms that we have deployed the policy to groups that should now disable Bluetooth access.

Monitor Device Profiles in Microsoft Intune

You can monitor the device profiles that you deploy in Intune. You can check the status of a profile, see which devices are assigned, and update the properties of a profile.

In the Intune portal, go to Devices > Windows > Disable Bluetooth Access profile. Under Device and user check-in status, you can check if Bluetooth access is disabled or are there any errors.

Finally, on my Windows 11 machine, I can see the Bluetooth is turned off. The setting to enable Bluetooth is greyed out. For end users, it displays a message – Some of these settings are managed by your organization.

I hope this post helps you to disable Bluetooth using Intune. For more posts on Intune, do visit the Intune category.