Merged PR 6470: Bluetooth/ServicesAllowedList policy - added a usage guide

2025-05-12 21:37:22 +00:00 · 2018-03-19 22:52:13 +00:00 · 2018-03-19 22:52:13 +00:00 · 5edbefd5e5
commit 5edbefd5e5
parent d62c12c354
2 changed files with 94 additions and 1 deletions
--- a/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md
+++ b/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md
@ -1663,6 +1663,10 @@ The DM agent for [push-button reset](https://msdn.microsoft.com/windows/hardware
 <li>TextInput/AllowIMENetworkAccess - when this policy is set to 1, suggestions from the Microsoft AI chatbot Rinna are enabled in the Japanese IME.</li>
 </ul>
 </td></tr>
+<tr>
+<td style="vertical-align:top">[Policy CSP - Bluetooth](policy-csp-bluetooth.md)</td>
+<td style="vertical-align:top"><p>Added new section [ServicesAllowedList usage guide](policy-csp-bluetooth.md#servicesallowedlist-usage-guide).</p>
+</td></tr>
 </tbody>
 </table>

--- a/windows/client-management/mdm/policy-csp-bluetooth.md
+++ b/windows/client-management/mdm/policy-csp-bluetooth.md
@ -282,7 +282,7 @@ If this policy is not set or it is deleted, the default local radio name is used
 <!--Description-->
 Set a list of allowable services and profiles. String hex formatted array of Bluetooth service UUIDs in canonical format, delimited by semicolons. For example, {782AFCFC-7CAA-436C-8BF0-78CD0FFBD4AF}.

-The default value is an empty string.
+The default value is an empty string. For more information, see [ServicesAllowedList usage guide](#servicesallowedlist-usage-guide)

 <!--/Description-->
 <!--/Policy-->
@ -297,6 +297,95 @@ Footnote:

 <!--/Policies-->

+## ServicesAllowedList usage guide
+
+When the Bluetooth/ServicesAllowedList policy is provisioned, it will only allow pairing and connections of Windows PCs and phones to explicitly define Bluetooth profiles and services. It is an allowed list, enabling admins to still allow custom Bluetooth profiles that are not defined by the Bluetooth Special Interests Group (SIG).
+
+To define which profiles and services are allowed, enter the profile or service Universally Unique Identifiers (UUID) using semicolon delimiter. To get a profile UUID, refer to the [Service Discovery](https://www.bluetooth.com/specifications/assigned-numbers/service-discovery) page on the Bluetooth SIG website. 
+
+These UUIDs all use the same base UUID with the profile identifiers added to the beginning of the base UUID.
+
+Here are some examples:
+
+**Bluetooth Headsets for Voice (HFP)**
+
+BASE_UUID = 0x00000000-0000-1000-8000-00805F9B34FB
+
+|UUID name  |Protocol specification  |UUID  |
+|---------|---------|---------|
+|HFP(Hands Free Profile)     |Hands-Free Profile (HFP) *         |0x111E         |
+
+Footnote: * Used as both Service Class Identifier and Profile Identifier.
+
+Hands Free Profile UUID = base UUID + 0x111E to the beginning = 0000111E-0000-1000-8000-00805F9B34FB
+
+**Allow Audio Headsets only (Voice)**
+
+|Profile  |Reasoning  |UUID  |
+|---------|---------|---------|
+|HFP (Hands Free Profile)     |For voice enabled headsets         |0x111E        |
+|GAP (Generic Access Profile)*     |Generic service used by Bluetooth         |0x1800         |
+|DID (Device ID)*     |Generic service used by Bluetooth         |0x180A         |
+|Scan Parameters*     |Generic service used by Bluetooth         |0x1813         |
+
+Footnote: * *GAP, DID, and Scan Parameter are required, as these are underlying profiles and services used by all Bluetooth devices.
+
+This means that if you only want Bluetooth headsets, the UUIDs are:
+
+{0000111E-0000-1000-8000-00805F9B34FB};{00001800-0000-1000-8000-00805F9B34FB};{0000180A-0000-1000-8000-00805F9B34FB};{00001813-0000-1000-8000-00805F9B34FB}
+
+**Allow Audio Headsets and Speakers (Voice & Music)**
+
+|Profile  |Reasoning  |UUID  |
+|---------|---------|---------|
+|HFP (Hands Free Profile)     |For voice enabled headsets         |0x111E         |
+|A2DP Source (Advance Audio Distribution)|For streaming to Bluetooth speakers         |0x110A         |
+|GAP (Generic Access Profile)     |Generic service used by Bluetooth         |0x1800         |
+|Device ID (DID)     |Generic service used by Bluetooth         |0x180A         |
+|Scan Parameters     |Generic service used by Bluetooth         |0x1813         |
+
+{0000111E-0000-1000-8000-00805F9B34FB};{0000110A-0000-1000-8000-00805F9B34FB};{00001800-0000-1000-8000-00805F9B34FB};{0000180A-0000-1000-8000-00805F9B34FB};{00001813-0000-1000-8000-00805F9B34FB}
+
+**Classic Keyboards and Mice**
+
+|Profile  |Reasoning  |UUID  |
+|---------|---------|---------|
+|HID (Human Interface Device)     |For classic BR/EDR keyboards and mice         |0x1124         |
+|GAP (Generic Access Profile)     |Generic service used by Bluetooth         |0x1800         |
+|DID (Device ID)     |Generic service used by Bluetooth         |0x180A         |
+|Scan Parameters     |Generic service used by Bluetooth         |0x1813         |
+
+{00001801-0000-1000-8000-00805F9B34FB};{00001812-0000-1000-8000-00805F9B34FB};{00001800-0000-1000-8000-00805F9B34FB};{0000180A-0000-1000-8000-00805F9B34FB};{00001813-0000-1000-8000-00805F9B34FB}
+
+> [!Note]  
+> For both Classic and LE use a super set of the two formula’s UUIDs
+
+**LE Keyboards and Mice**  
+
+|Profile  |Reasoning  |UUID  |
+|---------|---------|---------|
+|Generic Access Atribute     |For the LE Protocol         |0x1801         |
+|HID Over GATT *     |For LE keyboards and mice         |0x1812         |
+|GAP (Generic Access Profile)     |Generic service used by Bluetooth         |0x1800         |
+|DID (Device ID)     |Generic service used by Bluetooth         |0x180A         |
+|Scan Parameters     |Generic service used by Bluetooth         |0x1813         |
+
+Footnote: * The Surface pen uses the HID over GATT profile
+
+{00001801-0000-1000-8000-00805F9B34FB};{00001812-0000-1000-8000-00805F9B34FB};{00001800-0000-1000-8000-00805F9B34FB};{0000180A-0000-1000-8000-00805F9B34FB};{00001813-0000-1000-8000-00805F9B34FB}
+
+**Allow File Transfer**
+
+|Profile  |Reasoning  |UUID  |
+|---------|---------|---------|
+|OBEX Object Push (OPP)     |For file transfer         |0x1105         |
+|Object Exchange (OBEX)     |Protocol for file transfer         |0x0008         |
+|Generic Access Profile (GAP)     |Generic service used by Bluetooth         |0x1800         |
+|Device ID (DID)     |Generic service used by Bluetooth         |0x180A         |
+|Scan Parameters     |Generic service used by Bluetooth         |0x1813         |
+
+{00001105-0000-1000-8000-00805F9B34FB};{00000008-0000-1000-8000-00805F9B34FB};{0000111E-0000-1000-8000-00805F9B34FB};{00001800-0000-1000-8000-00805F9B34FB};{0000180A-0000-1000-8000-00805F9B34FB};{00001813-0000-1000-8000-00805F9B34FB}
+
 <!--StartHoloLens-->
 ## <a href="" id="hololenspolicies"></a>Bluetooth policies supported by Windows Holographic for Business