Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Define a list of protocols that can launch an external application from listed origins without prompting the user
Supported versions
- On Windows and macOS since 85 or later
Description
Allows you to set a list of protocols, and for each protocol an associated list of allowed origin patterns, that can launch an external application without prompting the user. The trailing separator should not be included when listing the protocol and the protocol should be all lower case. For example, list "skype" instead of "skype:", "skype://" or "Skype".
If you configure this policy, a protocol will only be permitted to launch an external application without prompting by policy if:
the protocol is listed
the origin of the site trying to launch the protocol matches one of the origin patterns in that protocol's allowed_origins list.
If either condition is false, the external protocol launch prompt will not be omitted by policy.
If you don't configure this policy, no protocols can launch without a prompt. Users can opt out of prompts on a per-protocol/per-site basis unless the ExternalProtocolDialogShowAlwaysOpenCheckbox policy is set to Disabled. This policy has no impact on per-protocol/per-site prompt exemptions set by users.
The origin matching patterns use a similar format to those for the URLBlocklist policy, which are documented at https://go.microsoft.com/fwlink/?linkid=2095322.
However, origin matching patterns for this policy cannot contain "/path" or "@query" elements. Any pattern that does contain a "/path" or "@query" element will be ignored.
This policy does not work as expected with file://* wildcards.
Supported features
- Can be mandatory: Yes
- Can be recommended: No
- Dynamic Policy Refresh: Yes
- Per Profile: Yes
- Applies to a profile that is signed in with a Microsoft account: Yes
Data type
- Dictionary
Windows information and settings
Group Policy (ADMX) info
- GP unique name: AutoLaunchProtocolsFromOrigins
- GP name: Define a list of protocols that can launch an external application from listed origins without prompting the user
- GP path (Mandatory): Administrative Templates/Microsoft Edge
- GP path (Recommended): N/A
- GP ADMX file name: MSEdge.admx
Example value
[{"allowed_origins": ["example.com", "http://www.example.com:8080"], "protocol": "spotify"}, {"allowed_origins": ["https://example.com", "https://.mail.example.com"], "protocol": "msteams"}, {"allowed_origins": ["*"], "protocol": "msoutlook"}]
Registry settings
- Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
- Path (Recommended): N/A
- Value name: AutoLaunchProtocolsFromOrigins
- Value type: REG_SZ
Example registry value
[{"allowed_origins": ["example.com", "http://www.example.com:8080"], "protocol": "spotify"}, {"allowed_origins": ["https://example.com", "https://.mail.example.com"], "protocol": "msteams"}, {"allowed_origins": ["*"], "protocol": "msoutlook"}]
Expanded example registry value
[
{
"allowed_origins": [
"example.com",
"http://www.example.com:8080"
],
"protocol": "spotify"
},
{
"allowed_origins": [
"https://example.com",
"https://.mail.example.com"
],
"protocol": "msteams"
},
{
"allowed_origins": [
"*"
],
"protocol": "msoutlook"
}
]
Mac information and settings
- Preference Key name: AutoLaunchProtocolsFromOrigins
- Example value:
<key>AutoLaunchProtocolsFromOrigins</key>
<array>
<dict>
<key>allowed_origins</key>
<array>
<string>example.com</string>
<string>http://www.example.com:8080</string>
</array>
<key>protocol</key>
<string>spotify</string>
</dict>
<dict>
<key>allowed_origins</key>
<array>
<string>https://example.com</string>
<string>https://.mail.example.com</string>
</array>
<key>protocol</key>
<string>msteams</string>
</dict>
<dict>
<key>allowed_origins</key>
<array>
<string>*</string>
</array>
<key>protocol</key>
<string>msoutlook</string>
</dict>
</array>