
Windows Connectivity Policy

Updated yesterday

The Windows Connectivity Policy allows administrators to manage connectivity features on Windows 10 and later devices.
This policy can be applied to BYOD or corporate-owned devices and provides granular controls for cellular data, roaming, Bluetooth, PC linking, connected device services, and VPN behavior.

These settings help organizations ensure security, manage costs (especially for cellular-enabled devices), and enforce consistent connectivity rules across all managed Windows endpoints.


Requirements

  • Windows 10 or later


Overview

Using the Windows Connectivity Policy, administrators can:

  • Allow or restrict Bluetooth usage

  • Control cellular data and roaming behavior

  • Enable or disable Connected Devices Platform (CDP) services

  • Manage Phone-PC linking permissions

  • Control whether VPN is allowed on cellular networks

  • Restrict VPN roaming when switching across networks

This policy is especially useful for:

  • Enterprise environments with cellular-capable Windows devices

  • Organizations aiming to reduce data usage costs

  • Security-conscious deployments that restrict certain connectivity pathways

  • Zero Trust environments that require predictable VPN paths


Configurable Settings

Below are all settings included in this policy, along with their descriptions and behavioral effects.


Allow Bluetooth

Controls whether users can enable or use Bluetooth on their Windows device.

  • Allowed → Bluetooth is enabled; users can toggle it freely

  • Not Allowed → Prevents Bluetooth from functioning

Useful for:

  • Securing sensitive environments

  • Preventing unauthorized device pairing


Allow Cellular Data

Enables or disables the device’s cellular data channel.

  • Allowed → Cellular data is available

  • Not Allowed → Cellular data is disabled

Note:
A device reboot is not required for enforcement.


Allow Cellular Data Roaming

Controls whether the device can use cellular roaming when connecting to non-home networks.

  • Allowed → Device may roam as needed

  • Not Allowed → Prevents roaming connections

Recommended for:

  • Avoiding high-cost data charges

  • Restricting connections to trusted networks


Allow Connected Devices

Controls whether the Connected Devices Platform (CDP) is available.

This technology enables:

  • App sharing across devices

  • Device synchronization

  • Nearby sharing

  • Bluetooth-based app discovery

  • Cross-device experiences (messages, sessions, app handoffs, etc.)

  • Allowed → CDP-enabled apps and services function normally

  • Not Allowed → CDP experiences disabled

Useful for strict corporate environments or privacy-focused deployments.


Allow Phone PC Linking

Controls whether users can link an Android phone to their Windows PC (via Phone Link).

If disabled:

  • Users cannot pair their phone via Phone Link

  • Existing connections will stop working

This affects features such as:

  • Message syncing

  • Notifications

  • Photo transfer

  • Phone call integration


Allow VPN Over Cellular

Specifies whether VPN connections are allowed to use cellular networks.

Options typically include:

  • Always Allowed → VPN can use any network, including cellular

  • Cellular Disallowed → VPN can only use Wi-Fi or wired networks

Useful for:

  • Reducing cellular data usage

  • Ensuring secure connectivity paths

  • Preventing VPN traffic over untrusted mobile networks


Allow VPN Roaming Over Cellular

Controls VPN behavior when switching between network types.

  • Allowed → VPN can roam seamlessly when switching networks

  • Not Allowed → VPN must reconnect or may fail when switching between Wi-Fi, cellular, or Ethernet

Ideal for:

  • Organizations requiring stable, controlled VPN connections

  • Environments where roaming may create security concerns


Best Practices

  • Disable Bluetooth on high-security devices to reduce attack surface.

  • Disable Cellular Roaming for corporate-owned devices to reduce carrier costs.

  • Enable VPN Over Cellular only if required for remote work on mobile networks.

  • Disable Connected Devices for compliance-focused organizations where cross-device experiences are not permitted.

  • Combine this policy with:

    • Windows Wi-Fi Policy

    • Windows VPN Policy

    • Windows Security Baseline


How to Configure

  1. Open the Swif Admin Console

  2. Navigate to Policies → Create New Policy

  3. Select Windows Connectivity Policy

  4. Configure each setting according to your organization’s requirements

  5. Click Continue

  6. Assign the policy to devices or device groups

  7. Save and apply

Devices will enforce the settings at their next MDM sync.


Troubleshooting

Connectivity settings are not applying

  • Ensure the device is running Windows 10+

  • Make sure the policy is assigned to the correct user/device group

  • Confirm the device is enrolled and checking in with Swif.ai
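
To confirm on the endpoint which of these settings actually arrived, the following added example (not part of the Swif documentation) reads the values Windows has stored for them. It assumes the policy is delivered as the Windows Policy CSP "Connectivity" nodes, which Windows records under the PolicyManager registry key shown, and that a value of 0 means Not Allowed.

```powershell
# Added example: report the Connectivity policy values delivered to this device by MDM.
# Assumption: the settings arrive as Policy CSP "Connectivity" nodes, and Windows
# stores the applied values under the PolicyManager registry key below.
$key = 'HKLM:\SOFTWARE\Microsoft\PolicyManager\current\device\Connectivity'

# Policy CSP node names corresponding to the settings described on this page.
$settings = @(
    'AllowBluetooth'
    'AllowCellularData'
    'AllowCellularDataRoaming'
    'AllowConnectedDevices'
    'AllowPhonePCLinking'
    'AllowVPNOverCellular'
    'AllowVPNRoamingOverCellular'
)

if (-not (Test-Path -Path $key)) {
    # Nothing delivered yet: the device is not enrolled, not targeted, or has not synced.
    Write-Warning "No Connectivity policy found at $key. Check enrollment and group assignment, then trigger an MDM sync."
    return
}

$applied = Get-ItemProperty -Path $key

$report = foreach ($name in $settings) {
    $prop = $applied.PSObject.Properties[$name]
    if ($null -eq $prop) {
        # Setting absent from the delivered policy, so the Windows default is in effect.
        $raw   = $null
        $state = 'Not configured (Windows default applies)'
    }
    elseif ([int]$prop.Value -eq 0) {
        $raw   = $prop.Value
        $state = 'Not Allowed'
    }
    else {
        # Any non-zero value is treated as an "allow" variant.
        $raw   = $prop.Value
        $state = 'Allowed'
    }
    [pscustomobject]@{ Setting = $name; RawValue = $raw; State = $state }
}

$report | Format-Table -AutoSize
```

Run it in an elevated PowerShell session after an MDM sync; a setting that shows as not configured while the console has it set points to an assignment or sync problem rather than a local override.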

Bluetooth still appears enabled

  • Verify another app or OEM utility isn’t overriding system settings

  • Restart the device to ensure the radio state resets

VPN failing over cellular

  • Ensure the VPN client supports cellular tunneling

  • Confirm no carrier-level blocking is occurring
