Bluetooth Device Management - Restrict/Allow

New Contributor

Hi All!

Prior to my current role, Bluetooth restrictions seemed to be all or nothing. Either users were free to connect to various Keyboards, Mice and Headsets or not at all.

Now I have a mandate to allow specific, vendor approved Keyboards, Mice and Headsets...but nothing else via Bluetooth.

What is your preferred method of managing Bluetooth devices in macOS/Jamf? Bluetooth must be enabled but not discoverable and auto-pairing/file transfer type functionality needs to be disabled. 3rd Party Product? Config Profile? Script? Some combination of the 3?


Contributor III

I'm currently working on this. I can't figure out how to just allow specific vendor/device to connect. The only way I found so far is to disable Bluetooth with <key>DisableBluetooth</key> <true/> in then, turn on when the user needs to pair a new device but that's not ideal in our environment.

I'm using this to turn off Bluetooth Sharing. It doesn't disable it though.




# User currently logged in at the console
currentUser=$(/bin/ls -l /dev/console | /usr/bin/awk '{ print $3 }')

# Current Bluetooth Sharing state for that user (1 = on)
btSharing=$(sudo -u "$currentUser" defaults -currentHost read PrefKeyServicesEnabled)

if [ "$btSharing" = "1" ]; then
	sudo -u "$currentUser" defaults -currentHost write PrefKeyServicesEnabled -bool false
fi

exit 0



Turn off Bluetooth if it is on.




## 1 is ON, 0 is OFF
btStatus=$(defaults read /Library/Preferences/ ControllerPowerState)

if [ "$btStatus" = "1" ]; then
	# Power the controller off, then restart the daemon so the change takes effect
	sudo defaults write /Library/Preferences/ ControllerPowerState -int 0 && \
	sudo pkill bluetoothd
fi

exit 0





Contributor III

Correction: plist will completely disable it. The Configuration Profile Bluetooth Restriction will keep the paired devices but can't pair any new ones. 

New Contributor II

Since this topic just came up in my org, it's worth noting that Jamf Pro 10.50+ and macOS Sonoma will now have payloads to disable Bluetooth Sharing.

Slight build on @YanW's EA above:


# return current status of Bluetooth Sharing

# Bluetooth Sharing must have been previously enabled for this to return any numeric value regardless of current status
# otherwise, a non-zero value will be returned:
#   The domain/default pair of (, PrefKeyServicesEnabled) does not exist

currentUser=$(stat -f%Su /dev/console)

state=$(sudo -u "$currentUser" defaults -currentHost read PrefKeyServicesEnabled)

if [ "$state" = "1" ]; then
        status="Enabled"
elif [ "$state" = "0" ]; then
        status="Disabled"
elif [ -z "$state" ]; then
        status="Never Enabled"
fi

echo "<result>$status</result>"

exit 0

Tested on 12.7 - 14.1.
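
Added example (not part of the thread and not any poster's code): a variant of the extension attribute above that decides on the exit status of `defaults read` rather than on an empty string, and reports separately when nobody is logged in at the console. The preference domain `com.apple.Bluetooth` is an assumption, since the posted commands show no domain; the function names are hypothetical.

```shell
#!/bin/bash
# Added example: Jamf extension attribute reporting Bluetooth Sharing state.
# Assumption: the preference domain is com.apple.Bluetooth (not shown in the thread).
BT_DOMAIN="com.apple.Bluetooth"
BT_KEY="PrefKeyServicesEnabled"

# Map the exit status and output of `defaults read` to a status string.
# Kept free of macOS calls so the mapping can be checked on any host.
classify_bt_sharing() {
    local rc="$1" value="$2"
    if [ "$rc" -ne 0 ]; then
        # Per the post above: the key does not exist until Bluetooth
        # Sharing has been enabled once, so the read fails.
        echo "Never Enabled"
        return
    fi
    case "$value" in
        1) echo "Enabled" ;;
        0) echo "Disabled" ;;
        *) echo "Unknown ($value)" ;;   # surface unexpected values in inventory
    esac
}

# Succeeds only when a real user owns the console (not root or the login window).
is_console_user() {
    case "$1" in
        ""|root|loginwindow) return 1 ;;
        *) return 0 ;;
    esac
}

report_bt_sharing() {
    local user value rc=0
    user=$(stat -f%Su /dev/console)
    if ! is_console_user "$user"; then
        echo "<result>No User Logged In</result>"
        return
    fi
    # The setting is per user and per host, so read it as the console user.
    value=$(sudo -u "$user" defaults -currentHost read "$BT_DOMAIN" "$BT_KEY" 2>/dev/null) || rc=$?
    echo "<result>$(classify_bt_sharing "$rc" "$value")</result>"
}

# Only query preferences when actually running on macOS.
if [ "$(uname -s)" = "Darwin" ]; then
    report_bt_sharing
fi
```

A smart group on "Enabled" or "Unknown" then scopes the remediation script to only the Macs that need it.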