You want to block ALL Bluetooth devices but allow specific devices using an Application and Device Control (ADC) policy. You find that even though you add the Device ID (for the specific device you want to allow) into the SEPM and configure it properly in the exclude section of the policy, the item is still blocked.
When you use the Class ID (preconfigured in the SEPM) to block either Bluetooth Devices (generic) or Bluetooth Radios you actually end up blocking the Bluetooth receiver from being used in the system (whether it is integrated or USB). In this case, no exception you make will allow any device be used on this system because the Bluetooth receiver itself is being blocked.
If the device you want to allow is a Bluetooth mouse, the Device ID will most likely show up as a HID\HID_MOUSE* rather than a BT* device. Making an exclusion for a specific HID device will not affect your blocking of ALL Bluetooth Devices (generic) or Bluetooth Radio allowing the mouse to work.
Because a device connects to the computer through Bluetooth does not guarantee that it will have a Bluetooth Device ID, some will however. This is where the problem stems from.
The workaround will vary depending on how granular you want to go, the more granular, the more work involved.
Gather a list of device's that you do not want to connect to the Bluetooth receiver (ie, headset, keyboard, mouse, phone, this list could be quite long and this is where most of the work will come in)
Generate the Class ID for these devices (most are already present in the SEPM)
Generate the Device ID of the Bluetooth receiver that you are using. It will likely either start with BTH\ or ROOT\BTW
Generate the Device ID of the items that you want to specifically allow (ie your specific type of headset)
In the Device policy, block all the Class ID's from Step 1 and either BT* and/or ROOT\BTW\* (if you want to block both generic and radio).
In the Device policy, exclude the specific Device ID for the Bluetooth receiver and the specific Device ID for the item that you want to allow.
Imported Document ID: TECH161112
Subscribing will provide email updates when this Article is updated. Login is required.