From 3a5fc30b0824cf0a58c736a74032eb63f7d217d3 Mon Sep 17 00:00:00 2001 From: ManikaDhiman Date: Mon, 10 Feb 2020 15:12:33 -0800 Subject: [PATCH 1/8] Added 20H1 Bluetooth policy --- .../policy-configuration-service-provider.md | 5 ++ .../mdm/policy-csp-bluetooth.md | 79 ++++++++++++++++++- 2 files changed, 82 insertions(+), 2 deletions(-) diff --git a/windows/client-management/mdm/policy-configuration-service-provider.md b/windows/client-management/mdm/policy-configuration-service-provider.md index 9d72af8a49..7ec3bd938b 100644 --- a/windows/client-management/mdm/policy-configuration-service-provider.md +++ b/windows/client-management/mdm/policy-configuration-service-provider.md @@ -15,6 +15,8 @@ ms.date: 07/18/2019 # Policy CSP +> [!WARNING] +> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here. The Policy configuration service provider enables the enterprise to configure policies on Windows 10. Use this configuration service provider to configure any company policies. @@ -612,6 +614,9 @@ The following diagram shows the Policy configuration service provider in tree fo
Bluetooth/ServicesAllowedList
+
+ Bluetooth/SetMinimumEncryptionKeySize +
### Browser policies diff --git a/windows/client-management/mdm/policy-csp-bluetooth.md b/windows/client-management/mdm/policy-csp-bluetooth.md index 225de9c9ca..1684e92639 100644 --- a/windows/client-management/mdm/policy-csp-bluetooth.md +++ b/windows/client-management/mdm/policy-csp-bluetooth.md @@ -7,14 +7,15 @@ ms.prod: w10 ms.technology: windows author: manikadhiman ms.localizationpriority: medium -ms.date: 09/27/2019 +ms.date: 02/10/2020 ms.reviewer: manager: dansimp --- # Policy CSP - Bluetooth - +> [!WARNING] +> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here.
@@ -40,6 +41,9 @@ manager: dansimp
Bluetooth/ServicesAllowedList
+
+ Bluetooth/SetMinimumEncryptionKeySize +
@@ -390,6 +394,76 @@ The default value is an empty string. For more information, see [ServicesAllowed + +
+ + +**Bluetooth/SetMinimumEncryptionKeySize** + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procheck mark7
Businesscheck mark7
Enterprisecheck mark7
Educationcheck mark7
Mobile
Mobile Enterprise
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Added in the next major release of Windows 10. +There are multiple levels of encryption strength when pairing Bluetooth devices. This policy helps prevent weaker devices cryptographically being used in high security environments. + + +The following list shows the supported values: +- 0 (default) - All Bluetooth traffic is allowed. +- 1-N - A number representing the bytes that must be used in the encryption process. + + + + + + + +
Footnotes: @@ -400,6 +474,7 @@ Footnotes: - 4 - Added in Windows 10, version 1803. - 5 - Added in Windows 10, version 1809. - 6 - Added in Windows 10, version 1903. +- 7 - Added in the next major release of Windows 10. From 128324095188333892d3f37dccd1b1a6f52858c7 Mon Sep 17 00:00:00 2001 From: ManikaDhiman Date: Mon, 10 Feb 2020 15:39:32 -0800 Subject: [PATCH 2/8] Fixed http warnings --- windows/client-management/troubleshoot-stop-errors.md | 2 +- windows/client-management/troubleshoot-windows-freeze.md | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/windows/client-management/troubleshoot-stop-errors.md b/windows/client-management/troubleshoot-stop-errors.md index 719976a254..3fe73d34ec 100644 --- a/windows/client-management/troubleshoot-stop-errors.md +++ b/windows/client-management/troubleshoot-stop-errors.md @@ -59,7 +59,7 @@ To troubleshoot Stop error messages, follow these general steps: 3. Run the [Machine Memory Dump Collector](https://home.diagnostics.support.microsoft.com/selfhelp?knowledgebasearticlefilter=2027760&wa=wsignin1.0) Windows diagnostic package. This diagnostic tool is used to collect machine memory dump files and check for known solutions. -4. Run [Microsoft Safety Scanner](http://www.microsoft.com/security/scanner/en-us/default.aspx) or any other virus detection program that includes checks of the Master Boot Record for infections. +4. Run [Microsoft Safety Scanner](https://www.microsoft.com/security/scanner/en-us/default.aspx) or any other virus detection program that includes checks of the Master Boot Record for infections. 5. Make sure that there is sufficient free space on the hard disk. The exact requirement varies, but we recommend 10–15 percent free disk space. diff --git a/windows/client-management/troubleshoot-windows-freeze.md b/windows/client-management/troubleshoot-windows-freeze.md index 664dc7700e..c9691539ef 100644 --- a/windows/client-management/troubleshoot-windows-freeze.md +++ b/windows/client-management/troubleshoot-windows-freeze.md @@ -251,7 +251,7 @@ If the physical computer is still running in a frozen state, follow these steps Pool Monitor shows you the number of allocations and outstanding bytes of allocation by type of pool and the tag that is passed into calls of ExAllocatePoolWithTag. -Learn [how to use Pool Monitor](https://support.microsoft.com/help/177415) and how to [use the data to troubleshoot pool leaks](http://blogs.technet.com/b/markrussinovich/archive/2009/03/26/3211216.aspx). +Learn [how to use Pool Monitor](https://support.microsoft.com/help/177415) and how to [use the data to troubleshoot pool leaks](https://blogs.technet.com/b/markrussinovich/archive/2009/03/26/3211216.aspx). ### Use memory dump to collect data for the virtual machine that's running in a frozen state @@ -284,4 +284,4 @@ On Windows Server 2008, you may not have enough free disk space to generate a co Additionally, on Windows Server 2008 Service Pack (SP2), there's a second option if the system drive doesn't have sufficient space. Namely, you can use the DedicatedDumpFile registry entry. To learn how to use the registry entry, see [New behavior in Windows Vista and Windows Server 2008](https://support.microsoft.com/help/969028). -For more information, see [How to use the DedicatedDumpFile registry value to overcome space limitations on the system drive](http://blogs.msdn.com/b/ntdebugging/archive/2010/04/02/how-to-use-the-dedicateddumpfile-registry-value-to-overcome-space-limitations-on-the-system-drive-when-capturing-a-system-memory-dump.aspx). +For more information, see [How to use the DedicatedDumpFile registry value to overcome space limitations on the system drive](https://blogs.msdn.com/b/ntdebugging/archive/2010/04/02/how-to-use-the-dedicateddumpfile-registry-value-to-overcome-space-limitations-on-the-system-drive-when-capturing-a-system-memory-dump.aspx). From 1b55043257fd4193c1e5d224ebf73d5627addc86 Mon Sep 17 00:00:00 2001 From: ManikaDhiman Date: Mon, 10 Feb 2020 16:15:11 -0800 Subject: [PATCH 3/8] minor update --- windows/client-management/mdm/policy-csp-bluetooth.md | 8 -------- 1 file changed, 8 deletions(-) diff --git a/windows/client-management/mdm/policy-csp-bluetooth.md b/windows/client-management/mdm/policy-csp-bluetooth.md index 1684e92639..b8c197552d 100644 --- a/windows/client-management/mdm/policy-csp-bluetooth.md +++ b/windows/client-management/mdm/policy-csp-bluetooth.md @@ -426,14 +426,6 @@ The default value is an empty string. For more information, see [ServicesAllowed Education check mark7 - - Mobile - - - - Mobile Enterprise - - From 13ca80891567b7b460c2dd486031f8a82e8c6f2d Mon Sep 17 00:00:00 2001 From: ManikaDhiman Date: Tue, 11 Feb 2020 08:45:56 -0800 Subject: [PATCH 4/8] minor update --- windows/client-management/mdm/policy-csp-bluetooth.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/client-management/mdm/policy-csp-bluetooth.md b/windows/client-management/mdm/policy-csp-bluetooth.md index b8c197552d..ccd311c9f6 100644 --- a/windows/client-management/mdm/policy-csp-bluetooth.md +++ b/windows/client-management/mdm/policy-csp-bluetooth.md @@ -7,7 +7,7 @@ ms.prod: w10 ms.technology: windows author: manikadhiman ms.localizationpriority: medium -ms.date: 02/10/2020 +ms.date: 02/11/2020 ms.reviewer: manager: dansimp --- From 7e703a77537165f85188d33e3f2aa649c10a061a Mon Sep 17 00:00:00 2001 From: ManikaDhiman Date: Tue, 11 Feb 2020 09:04:10 -0800 Subject: [PATCH 5/8] testing --- windows/client-management/mdm/policy-csp-bluetooth.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/client-management/mdm/policy-csp-bluetooth.md b/windows/client-management/mdm/policy-csp-bluetooth.md index ccd311c9f6..be4ffce043 100644 --- a/windows/client-management/mdm/policy-csp-bluetooth.md +++ b/windows/client-management/mdm/policy-csp-bluetooth.md @@ -7,7 +7,7 @@ ms.prod: w10 ms.technology: windows author: manikadhiman ms.localizationpriority: medium -ms.date: 02/11/2020 +ms.date: 02/12/2020 ms.reviewer: manager: dansimp --- From 8e4f85ca48e8f12dd34210799e60879868757ed3 Mon Sep 17 00:00:00 2001 From: ManikaDhiman Date: Tue, 11 Feb 2020 16:20:53 -0800 Subject: [PATCH 6/8] Added a note --- windows/client-management/mdm/policy-csp-bluetooth.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/windows/client-management/mdm/policy-csp-bluetooth.md b/windows/client-management/mdm/policy-csp-bluetooth.md index be4ffce043..8e384d21f3 100644 --- a/windows/client-management/mdm/policy-csp-bluetooth.md +++ b/windows/client-management/mdm/policy-csp-bluetooth.md @@ -443,11 +443,15 @@ The default value is an empty string. For more information, see [ServicesAllowed Added in the next major release of Windows 10. There are multiple levels of encryption strength when pairing Bluetooth devices. This policy helps prevent weaker devices cryptographically being used in high security environments. + The following list shows the supported values: - 0 (default) - All Bluetooth traffic is allowed. - 1-N - A number representing the bytes that must be used in the encryption process. + + >[!Note] + >If you wish to enforce Windows to use Bluetooth encryption at all times, but do not care about the precise encryption key strength, use a value of 1. From fe4edd0b33c44cd925b17cd6b6ac052c2c0ea4b1 Mon Sep 17 00:00:00 2001 From: ManikaDhiman Date: Tue, 11 Feb 2020 17:02:43 -0800 Subject: [PATCH 7/8] More updates --- windows/client-management/mdm/policy-csp-bluetooth.md | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/windows/client-management/mdm/policy-csp-bluetooth.md b/windows/client-management/mdm/policy-csp-bluetooth.md index 8e384d21f3..2160f0b07a 100644 --- a/windows/client-management/mdm/policy-csp-bluetooth.md +++ b/windows/client-management/mdm/policy-csp-bluetooth.md @@ -448,10 +448,8 @@ There are multiple levels of encryption strength when pairing Bluetooth devices. The following list shows the supported values: - 0 (default) - All Bluetooth traffic is allowed. -- 1-N - A number representing the bytes that must be used in the encryption process. +- N - A number from 1 through 16 representing the bytes that must be used in the encryption process. At this time, 16 is the largest allowed value for N and 16 bytes is the largest key size that Bluetooth supports so far. If you wish to enforce Windows to use Bluetooth encryption at all times, but do not care about the precise encryption key strength, use a value of 1. - >[!Note] - >If you wish to enforce Windows to use Bluetooth encryption at all times, but do not care about the precise encryption key strength, use a value of 1. From 9746ba9a94cff09b6a835acc27d05e406d409b92 Mon Sep 17 00:00:00 2001 From: ManikaDhiman Date: Thu, 20 Feb 2020 15:45:23 -0800 Subject: [PATCH 8/8] Added final comments --- windows/client-management/mdm/policy-csp-bluetooth.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/windows/client-management/mdm/policy-csp-bluetooth.md b/windows/client-management/mdm/policy-csp-bluetooth.md index 2160f0b07a..40e770a691 100644 --- a/windows/client-management/mdm/policy-csp-bluetooth.md +++ b/windows/client-management/mdm/policy-csp-bluetooth.md @@ -448,7 +448,9 @@ There are multiple levels of encryption strength when pairing Bluetooth devices. The following list shows the supported values: - 0 (default) - All Bluetooth traffic is allowed. -- N - A number from 1 through 16 representing the bytes that must be used in the encryption process. At this time, 16 is the largest allowed value for N and 16 bytes is the largest key size that Bluetooth supports so far. If you wish to enforce Windows to use Bluetooth encryption at all times, but do not care about the precise encryption key strength, use a value of 1. +- N - A number from 1 through 16 representing the bytes that must be used in the encryption process. Currently, 16 is the largest allowed value for N and 16 bytes is the largest key size that Bluetooth supports. If you want to enforce Windows to always use Bluetooth encryption, ignoring the precise encryption key strength, use 1 as the value for N. + +For more information on allowed key sizes, refer to Bluetooth Core Specification v5.1.