Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Websites or domains that don't need permission to use direct Security Key attestation
Supported versions
- On Windows and macOS since 77 or later
Description
Specifies the WebAuthn RP IDs that don't need explicit user permission when attestation certificates from security keys are requested. Additionally, a signal is sent to the security key indicating that it can use enterprise attestation. Without this policy, users are prompted each time a site requests attestation of security keys.
Supported features
- Can be mandatory: Yes
- Can be recommended: No
- Dynamic Policy Refresh: Yes
- Per Profile: Yes
- Applies to a profile that is signed in with a Microsoft account: No
Data type
- List of strings
Windows information and settings
Group Policy (ADMX) info
- GP unique name: SecurityKeyPermitAttestation
- GP name: Websites or domains that don't need permission to use direct Security Key attestation
- GP path (Mandatory): Administrative Templates/Microsoft Edge
- GP path (Recommended): N/A
- GP ADMX file name: MSEdge.admx
Example value
contoso.com
Registry settings
- Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge\SecurityKeyPermitAttestation
- Path (Recommended): N/A
- Value name: 1, 2, 3, ...
- Value type: List of REG_SZ
Example registry value
SOFTWARE\Policies\Microsoft\Edge\SecurityKeyPermitAttestation\1 =
contoso.com
Mac information and settings
- Preference Key name: SecurityKeyPermitAttestation
- Example value:
<array>
<string>contoso.com</string>
</array>