Bluetooth Device Management - Restrict/Allow

Hi All!

Prior to my current role, Bluetooth restrictions seemed to be all or nothing. Either users were free to connect to various Keyboards, Mice and Headsets or not at all.

Now I have a mandate to allow specific, vendor approved Keyboards, Mice and Headsets...but nothing else via Bluetooth.

What is your preferred method of managing BlueTooth devices in macOS/Jamf? BlueTooth must be enabled but not discoverable and auto-pairing/file transfer type functionality needs to be disabled. 3rd Party Product? Config Profile? Script? Some combination of the 3?

Page 1 / 1

I'm currently working on this. I can't figure out how to just allow specific vendor/device to connect. The only way I found so far is to disable bluetooth with <key>DisableBluetooth</key> <true/> in com.apple.MCXBluetooth then, turn on when the user need to pair a new device but that's no ideal in our environment.

I'm using this to turn off Bluetooth Sharing. It doesn't disable it though.

#!/bin/sh



currentUser=$(/bin/ls -l /dev/console | /usr/bin/awk '{ print $3 }')



btSharing=$(sudo -u "$currentUser" defaults -currentHost read com.apple.Bluetooth PrefKeyServicesEnabled -bool false)



if [ $btSharing = "1" ]; then



sudo -u "$currentUser" defaults -currentHost write com.apple.Bluetooth PrefKeyServicesEnabled -bool false



fi



exit 0

Turn off bluetooth if is on.

#!/bin/sh



## 1 is ON, 0 is OFF

btStatus=`defaults read /Library/Preferences/com.apple.Bluetooth ControllerPowerState`



if [ "$btStatus" = "1" ]; then



	sudo defaults write /Library/Preferences/com.apple.Bluetooth ControllerPowerState -int 0 && \\sudo pkill bluetoothd



fi

exit 0

I'm currently working on this. I can't figure out how to just allow specific vendor/device to connect. The only way I found so far is to disable bluetooth with <key>DisableBluetooth</key> <true/> in com.apple.MCXBluetooth then, turn on when the user need to pair a new device but that's no ideal in our environment.

I'm using this to turn off Bluetooth Sharing. It doesn't disable it though.

#!/bin/sh



currentUser=$(/bin/ls -l /dev/console | /usr/bin/awk '{ print $3 }')



btSharing=$(sudo -u "$currentUser" defaults -currentHost read com.apple.Bluetooth PrefKeyServicesEnabled -bool false)



if [ $btSharing = "1" ]; then



sudo -u "$currentUser" defaults -currentHost write com.apple.Bluetooth PrefKeyServicesEnabled -bool false



fi



exit 0

Turn off bluetooth if is on.

#!/bin/sh



## 1 is ON, 0 is OFF

btStatus=`defaults read /Library/Preferences/com.apple.Bluetooth ControllerPowerState`



if [ "$btStatus" = "1" ]; then



	sudo defaults write /Library/Preferences/com.apple.Bluetooth ControllerPowerState -int 0 && \\sudo pkill bluetoothd



fi

exit 0

Correction: com.apple.MCXBluetooth plist will completely disable it. The Configuration Profile Bluetooth Restriction will keep the paired devices but can't pair any new ones.

Since this topic just came up in my org, it's worth noting that Jamf Pro 10.50+ and macOS Sonoma will now have payloads to disable Bluetooth Sharing.

Slight build on @YanW 's EA above:

#!/bin/bash



# return current status of Bluetooth Sharing



# Bluetooth Sharing must have been previously enabled for this to return any numeric value regardless of current status

# otherwise, a non-zero value will be returned:

#

#   The domain/default pair of (com.apple.Bluetooth, PrefKeyServicesEnabled) does not exist





currentUser=$(stat -f%Su /dev/console)



state=$(sudo -u "$currentUser" defaults -currentHost read com.apple.Bluetooth PrefKeyServicesEnabled)



if [ "$state" = "1" ]; then

        status="Enabled"



elif [ "$state" = "0" ]; then

        status="Disabled"



elif [ -z "$state" ]; then

        status="Never Enabled"

fi



echo "<result>$status</result>"



exit 0

Tested on 12.7 - 14.1.

Reply

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded