deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-12 13:27:23 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

updates

Browse Source
This commit is contained in:
Paolo Matarazzo 2024-08-20 15:18:05 -04:00
parent 248535d9fe
commit 0a35e14fba
1 changed files with 39 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

40
windows/security/identity-protection/passkeys/index.md
View File

@ -319,6 +319,15 @@ Some organizations restrict Bluetooth usage, which includes the use of passkeys.
To limit the use of Bluetooth to only passkey use cases, use the [Bluetooth Policy CSP][CSP-8] and the [DeviceInstallation Policy CSP][CSP-7].
To configure your devices you can use:
- Microsoft Intune/MDM
- PowerShell
[!INCLUDE [tab-intro](../../../../includes/configure/tab-intro.md)]
#### [:::image type="icon" source="../../images/icons/intune.svg" border="false"::: **Intune/MDM**](#tab/intune)
The following table provides an example of CSP settings to allow passkeys in a Bluetooth-restricted environment:
| Setting |
@ -332,6 +341,35 @@ The following table provides an example of CSP settings to allow passkeys in a B
To configure devices with Microsoft Intune, [you can use a Settings catalog policy][INT-1] or a [custom policy][INT-2].
#### [:::image type="icon" source="../../images/icons/powershell.svg" border="false"::: **PowerShell**](#tab/powershell)
```powershell
# Bluetooth configuration
$namespaceName = "root\cimv2\mdm\dmmap"
$className = "MDM_Policy_Config01_Bluetooth02"
New-CimInstance -Namespace $namespaceName -ClassName $className -Property @{
ParentID="./Vendor/MSFT/Policy/Config";
InstanceID="Bluetooth";
AllowDiscoverableMode=0;
AllowAdvertising=0;
AllowPrepairing=0;
AllowPromptedProximalConnections=0;
ServicesAllowedList="{0000FFF9-0000-1000-8000-00805F9B34FB};{0000FFFD-0000-1000-8000-00805F9B34FB}"
}
# Device installation configuration
$namespaceName = "root\cimv2\mdm\dmmap"
$className = "MDM_Policy_Config01_DeviceInstallation02"
New-CimInstance -Namespace $namespaceName -ClassName $className -Property @{
ParentID="./Vendor/MSFT/Policy/Config";
InstanceID="DeviceInstallation";
PreventInstallationOfMatchingDeviceIDs='<![CDATA[<Enabled/><Data id="DeviceInstall_IDs_Deny_List" value="1&#xF000;BTH\MS_BTHPAN"/><Data id="DeviceInstall_IDs_Deny_Retroactive" value="true"/>]]>'
}
```
---
## :::image type="icon" source="../../images/icons/feedback.svg" border="false"::: Provide feedback
To provide feedback for passkeys, open [**Feedback Hub**][FHUB] and use the category **Security and Privacy > Passkey**.
@ -354,4 +392,4 @@ To provide feedback for passkeys, open [**Feedback Hub**][FHUB] and use the cate
[CSP-5]: /windows/client-management/mdm/policy-csp-bluetooth#servicesallowedlist
[CSP-6]: /windows/client-management/mdm/policy-csp-deviceinstallation#preventinstallationofmatchingdeviceids
[CSP-7]: /windows/client-management/mdm/policy-csp-deviceinstallation
[CSP-8]: /windows/client-management/mdm/policy-csp-bluetooth
[CSP-8]: /windows/client-management/mdm/policy-csp-bluetooth