added script

2025-05-12 13:27:23 +00:00 · 2024-08-20 15:37:42 -04:00 · 2024-08-20 15:37:42 -04:00 · dc04f2f081
commit dc04f2f081
parent 0a35e14fba
1 changed files with 9 additions and 8 deletions
--- a/windows/security/identity-protection/passkeys/index.md
+++ b/windows/security/identity-protection/passkeys/index.md
@ -319,16 +319,14 @@ Some organizations restrict Bluetooth usage, which includes the use of passkeys.

 To limit the use of Bluetooth to only passkey use cases, use the [Bluetooth Policy CSP][CSP-8] and the [DeviceInstallation Policy CSP][CSP-7].

-To configure your devices you can use:
-
- Microsoft Intune/MDM
- PowerShell
+>[!NOTE]
+>Once the settings are applied, if you try to pair a device vua Bluetooth, it will initailly pair and immediately disconnect. The Bluetooth device is blocked from loading and not availabe from Settings nor Device Manager.

 [!INCLUDE [tab-intro](../../../../includes/configure/tab-intro.md)]

-#### [:::image type="icon" source="../../images/icons/intune.svg" border="false"::: **Intune/MDM**](#tab/intune)
+#### [:::image type="icon" source="../../images/icons/intune.svg" border="false"::: **Intune/CSP**](#tab/intune)

-The following table provides an example of CSP settings to allow passkeys in a Bluetooth-restricted environment:
+The following table contains a list of CSP settings to allow passkeys in a Bluetooth-restricted environment:

 | Setting |
 |--|
@ -339,10 +337,12 @@ The following table provides an example of CSP settings to allow passkeys in a B
 | <li>OMA-URI: `./Device/Vendor/MSFT/Policy/Config/Bluetooth/`[ServicesAllowedList][CSP-5] </li></li><li>Data type: **String** </li><li>Value: `{0000FFFD-0000-1000-8000-00805F9B34FB};{0000FFF9-0000-1000-8000-00805F9B34FB}` <br><br> Set a list of allowable Bluetooth services and profiles: <br>- FIDO Alliance Universal Second Factor Authenticator service (`0000fffd-0000-1000-8000-00805f9b34fb`) <br>- FIDO2 secure client-to-authenticator transport service (`0000FFF9-0000-1000-8000-00805F9B34FB`)<br><br>For more information see [FIDO CTAP 2.1 standard specification][BT-1] and [Bluetooth Assigned Numbers document][BT-2]. |
 | <li>OMA-URI: `./Device/Vendor/MSFT/Policy/Config/DeviceInstallation/`[PreventInstallationOfMatchingDeviceIDs][CSP-6]</li><li>Data type: **String** </li><li>Value: `<enabled/><data id="DeviceInstall_IDs_Deny_Retroactive" value="true"/><data id="DeviceInstall_IDs_Deny_List" value="1&#xF000;BTH\MS_BTHPAN"/>`</li><br>This configuration disables the existing Bluetooth Personal Area Network (PAN) network adapter, preventing the installation of the Bluetooth Network Adapter that can be used for network connectivity or tethering. |

-To configure devices with Microsoft Intune, [you can use a Settings catalog policy][INT-1] or a [custom policy][INT-2].
+To configure devices with Microsoft Intune, [you can use a custom policy][INT-2].

 #### [:::image type="icon" source="../../images/icons/powershell.svg" border="false"::: **PowerShell**](#tab/powershell)

+[!INCLUDE [powershell-wmi-bridge-1](../../../../includes/configure/powershell-wmi-bridge-1.md)]
+
 ```powershell
 # Bluetooth configuration
 $namespaceName = "root\cimv2\mdm\dmmap"
@ -368,6 +368,8 @@ New-CimInstance -Namespace $namespaceName -ClassName $className -Property @{
 }
 ```

+[!INCLUDE [powershell-wmi-bridge-2](../../../../includes/configure/powershell-wmi-bridge-2.md)]
+
 ---

 ## :::image type="icon" source="../../images/icons/feedback.svg" border="false"::: Provide feedback
@ -382,7 +384,6 @@ To provide feedback for passkeys, open [**Feedback Hub**][FHUB] and use the cate
 [KB-1]: https://support.microsoft.com/kb/5030310
 [MSS-1]: ms-settings:savedpasskeys

-[INT-1]: /mem/intune/configuration/settings-catalog
 [INT-2]: /mem/intune/configuration/custom-settings-configure

 [CSP-1]: /windows/client-management/mdm/policy-csp-bluetooth#allowadvertising