How to block ALL Bluetooth devices but allow specific devices using an Application and Device Control (ADC) policy. Adding the Device ID (for the specific device to allow) into the SEPM and configure it properly in the exclude section of the policy, the item is still blocked.
When using the Class ID (preconfigured in the SEPM) to block either Bluetooth Devices (generic) or Bluetooth Radios, it blocks the Bluetooth receiver from being used in the system (whether it is integrated or USB). In this case, no exception made will allow any device be used on this system because the Bluetooth receiver itself is being blocked.
Example:
If the device to allow is a Bluetooth mouse, the Device ID will most likely show up as a HID\HID_MOUSE* rather than a BT* device. Making an exclusion for a specific HID device will not affect blocking of ALL Bluetooth Devices (generic) or Bluetooth Radio allowing the mouse to work.
Because a device connects to the computer through Bluetooth does not guarantee that it will have a Bluetooth Device ID, some will however. This is where the problem stems from.
The workaround will vary depending on how granularity is needed, the more granular, the more work involved.