deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-12 13:27:23 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

chore: Update passkeys documentation with Bluetooth-restricted environments information

Browse Source
This commit is contained in:
Paolo Matarazzo 2024-07-23 11:48:42 -04:00
parent 57aec2a6b9
commit 01c555674f
1 changed files with 8 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
windows/security/identity-protection/passkeys/index.md
View File

@ -319,14 +319,14 @@ Some organizations restrict the use of Bluetooth, preventing the use of passkeys
The following table provides an example of CSP settings to allow passkeys in a Bluetooth-restricted environment:
| Setting |
| ---------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| OMA-URI: `./Device/Vendor/MSFT/Policy/Config/Bluetooth/`[AllowAdvertising][CSP-1] <li>Data type: **Integer** </li><li>Value:`0` </li><br>When set to `0`, the device won't send out advertisements.|
| OMA-URI: `./Device/Vendor/MSFT/Policy/Config/Bluetooth/`[AllowDiscoverableMode][CSP-2] <li>Data type: **Integer** </li><li>Value:`0` </li><br>When set to `0`, other devices won't be able to detect the device. |
| OMA-URI: `./Device/Vendor/MSFT/Policy/Config/Bluetooth/`[AllowPrepairing][CSP-3]<li>Data type: **Integer** </li><li>Value:`0` </li><br>Prevents specific bundled Bluetooth peripherals to automatically pair with the host device.</li> |
| OMA-URI: `./Device/Vendor/MSFT/Policy/Config/Bluetooth/`[AllowPromptedProximalConnections][CSP-4] <li>Data type: **Integer** </li><li>Value:`0`</li><br>Prevents users from using Swift Pair and other proximity-based scenarios.|
| OMA-URI: `./Device/Vendor/MSFT/Policy/Config/Bluetooth/`[ServicesAllowedList][CSP-5] </li><li>Data type: **String** </li><li>Value:`{0000FFFD-0000-1000-8000-00805F9B34FB};{0000FFF9-0000-1000-8000-00805F9B34FB}` <br><br> Set a list of allowable Bluetooth services and profiles: <br>- FIDO Alliance Universal Second Factor Authenticator service (`0000fffd-0000-1000-8000-00805f9b34fb`) <br>- FIDO2 secure client-to-authenticator transport service (`0000FFF9-0000-1000-8000-00805F9B34FB`)<br><br>For more information see [FIDO CTAP 2.1 standard specification][BT-1] and [Bluetooth Assigned Numbers document][BT-2]. |
| OMA-URI: `./Device/Vendor/MSFT/Policy/Config/DeviceInstallation/`[PreventInstallationOfMatchingDeviceIDs][CSP-6]<li>Data type: **String** </li><li>Value:`<enabled/><data id="DeviceInstall_IDs_Deny_Retroactive" value="true"/><data id="DeviceInstall_IDs_Deny_List" value="1&#xF000;BTH\MS_BTHPAN"/>`</li><br>This configuration disables the existing Bluetooth Personal Area Network (PAN) network adapter, preventing the installation of the Bluetooth Network Adapter that can be used for network connectivity or tethering.|
| Setting |
|--|
| <li>OMA-URI: `./Device/Vendor/MSFT/Policy/Config/Bluetooth/`[AllowAdvertising][CSP-1] </li><li>Data type: **Integer** </li><li>Value: `0` </li><br>When set to `0`, the device won't send out advertisements. |
| <li>OMA-URI: `./Device/Vendor/MSFT/Policy/Config/Bluetooth/`[AllowDiscoverableMode][CSP-2] </li><li>Data type: **Integer** </li><li>Value: `0` </li><br>When set to `0`, other devices won't be able to detect the device. |
| <li>OMA-URI: `./Device/Vendor/MSFT/Policy/Config/Bluetooth/`[AllowPrepairing][CSP-3]</li><li>Data type: **Integer** </li><li>Value: `0` </li><br>Prevents specific bundled Bluetooth peripherals to automatically pair with the host device.</li> |
| <li>OMA-URI: `./Device/Vendor/MSFT/Policy/Config/Bluetooth/`[AllowPromptedProximalConnections][CSP-4] </li><li>Data type: **Integer** </li><li>Value: `0`</li><br>Prevents users from using Swift Pair and other proximity-based scenarios. |
| <li>OMA-URI: `./Device/Vendor/MSFT/Policy/Config/Bluetooth/`[ServicesAllowedList][CSP-5] </li></li><li>Data type: **String** </li><li>Value: `{0000FFFD-0000-1000-8000-00805F9B34FB};{0000FFF9-0000-1000-8000-00805F9B34FB}` <br><br> Set a list of allowable Bluetooth services and profiles: <br>- FIDO Alliance Universal Second Factor Authenticator service (`0000fffd-0000-1000-8000-00805f9b34fb`) <br>- FIDO2 secure client-to-authenticator transport service (`0000FFF9-0000-1000-8000-00805F9B34FB`)<br><br>For more information see [FIDO CTAP 2.1 standard specification][BT-1] and [Bluetooth Assigned Numbers document][BT-2]. |
| <li>OMA-URI: `./Device/Vendor/MSFT/Policy/Config/DeviceInstallation/`[PreventInstallationOfMatchingDeviceIDs][CSP-6]</li><li>Data type: **String** </li><li>Value: `<enabled/><data id="DeviceInstall_IDs_Deny_Retroactive" value="true"/><data id="DeviceInstall_IDs_Deny_List" value="1&#xF000;BTH\MS_BTHPAN"/>`</li><br>This configuration disables the existing Bluetooth Personal Area Network (PAN) network adapter, preventing the installation of the Bluetooth Network Adapter that can be used for network connectivity or tethering. |
To configure devices with Microsoft Intune, [you can use a Settings catalog policy][INT-1] or a [custom policy][INT-2].