From 6e16381ccdb1565c253a76e4317da4a7ac914015 Mon Sep 17 00:00:00 2001
From: Paolo Matarazzo <74918781+paolomatarazzo@users.noreply.github.com>
Date: Tue, 20 Aug 2024 15:47:03 -0400
Subject: [PATCH] chore: Update passkey configuration documentation for
Bluetooth restrictions
---
windows/security/identity-protection/passkeys/index.md | 10 +++++-----
1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/windows/security/identity-protection/passkeys/index.md b/windows/security/identity-protection/passkeys/index.md
index c809cd6dec..9377e559e6 100644
--- a/windows/security/identity-protection/passkeys/index.md
+++ b/windows/security/identity-protection/passkeys/index.md
@@ -319,14 +319,13 @@ Some organizations restrict Bluetooth usage, which includes the use of passkeys.
To limit the use of Bluetooth to only passkey use cases, use the [Bluetooth Policy CSP][CSP-8] and the [DeviceInstallation Policy CSP][CSP-7].
->[!NOTE]
->Once the settings are applied, if you try to pair a device vua Bluetooth, it will initailly pair and immediately disconnect. The Bluetooth device is blocked from loading and not availabe from Settings nor Device Manager.
+### Device configuration
[!INCLUDE [tab-intro](../../../../includes/configure/tab-intro.md)]
#### [:::image type="icon" source="../../images/icons/intune.svg" border="false"::: **Intune/CSP**](#tab/intune)
-The following table contains a list of CSP settings to allow passkeys in a Bluetooth-restricted environment:
+To configure devices with Microsoft Intune, [you can use a custom policy][INT-2] with these settings:
| Setting |
|--|
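Review bot: the new intro line under the Intune/CSP tab ("To configure devices with Microsoft Intune, [you can use a custom policy][INT-2] with these settings:") no longer says what the settings are for. The sentence it replaces stated that the table lists the CSP settings to allow passkeys in a Bluetooth-restricted environment. Suggest keeping that purpose in the new sentence, for example by ending it with "to allow passkeys in a Bluetooth-restricted environment:". Also, the tab is labelled Intune/CSP but the sentence now speaks only to Intune, so readers applying the CSP by another route lose their lead-in.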
@@ -337,8 +336,6 @@ The following table contains a list of CSP settings to allow passkeys in a Bluet
|
OMA-URI: `./Device/Vendor/MSFT/Policy/Config/Bluetooth/`[ServicesAllowedList][CSP-5] Data type: **String** Value: `{0000FFFD-0000-1000-8000-00805F9B34FB};{0000FFF9-0000-1000-8000-00805F9B34FB}`
Set a list of allowable Bluetooth services and profiles:
- FIDO Alliance Universal Second Factor Authenticator service (`0000fffd-0000-1000-8000-00805f9b34fb`)
- FIDO2 secure client-to-authenticator transport service (`0000FFF9-0000-1000-8000-00805F9B34FB`)
For more information see [FIDO CTAP 2.1 standard specification][BT-1] and [Bluetooth Assigned Numbers document][BT-2]. |
| OMA-URI: `./Device/Vendor/MSFT/Policy/Config/DeviceInstallation/`[PreventInstallationOfMatchingDeviceIDs][CSP-6]Data type: **String** Value: ``
This configuration disables the existing Bluetooth Personal Area Network (PAN) network adapter, preventing the installation of the Bluetooth Network Adapter that can be used for network connectivity or tethering. |
-To configure devices with Microsoft Intune, [you can use a custom policy][INT-2].
-
#### [:::image type="icon" source="../../images/icons/powershell.svg" border="false"::: **PowerShell**](#tab/powershell)
[!INCLUDE [powershell-wmi-bridge-1](../../../../includes/configure/powershell-wmi-bridge-1.md)]
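Review bot: in the PreventInstallationOfMatchingDeviceIDs row the Value appears as empty backticks in this hunk's context, and now that the table is introduced as the settings to put in a custom policy, that row gives an admin nothing to enter. Please confirm the value renders on the built page. In the same table the U2F service UUID is lowercase in the bullet (`0000fffd-0000-1000-8000-00805f9b34fb`) but uppercase in the ServicesAllowedList value, while the FIDO2 UUID is uppercase in both. Pick one case so the bullets match the string to be copied.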
@@ -372,6 +369,9 @@ New-CimInstance -Namespace $namespaceName -ClassName $className -Property @{
---
+>[!NOTE]
+>Once the settings are applied, if you try to pair a device vua Bluetooth, it will initailly pair and immediately disconnect. The Bluetooth device is blocked from loading and not availabe from Settings nor Device Manager.
+
## :::image type="icon" source="../../images/icons/feedback.svg" border="false"::: Provide feedback
To provide feedback for passkeys, open [**Feedback Hub**][FHUB] and use the category **Security and Privacy > Passkey**.
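Review bot: the relocated note still has the three typos from the old copy: "vua", "initailly" and "availabe" should be "via", "initially" and "available". Since the line is being re-added anyway, fix them here, and change "not available from Settings nor Device Manager" to "not available from Settings or Device Manager". Placing the note after the closing `---` of the tab group makes it apply to both the Intune/CSP and PowerShell tabs, which matches "Once the settings are applied", so the new position is fine.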