Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Control the mode of DNS-over-HTTPS
Supported versions
- On Windows and macOS since 83 or later
Description
Control the mode of the DNS-over-HTTPS resolver. Note that this policy will only set the default mode for each query. The mode can be overridden for special types of queries such as requests to resolve a DNS-over-HTTPS server hostname.
The "off" mode will disable DNS-over-HTTPS.
The "automatic" mode will send DNS-over-HTTPS queries first if a DNS-over-HTTPS server is available and may fallback to sending insecure queries on error.
The "secure" mode will only send DNS-over-HTTPS queries and will fail to resolve on error.
If this policy is not configured for managed devices, DNS-over-HTTPS queries will not be sent. Instead, the browser may send DNS requests to a resolver associated with the user's system resolver. This could lead to a less secure or private DNS resolution process, depending on the resolver in use.
Policy options mapping:
off (off) = Disable DNS-over-HTTPS
automatic (automatic) = Enable DNS-over-HTTPS with insecure fallback
secure (secure) = Enable DNS-over-HTTPS without insecure fallback
Use the preceding information when configuring this policy.
Policy options mapping:
Use this information when configuring this policy.
- off = Disable DNS-over-HTTPS
- automatic = Enable DNS-over-HTTPS with insecure fallback
- secure = Enable DNS-over-HTTPS without insecure fallback
Supported features
- Can be mandatory: Yes
- Can be recommended: No
- Dynamic Policy Refresh: Yes
- Per Profile: No
- Applies to a profile that is signed in with a Microsoft account: Yes
Data type
- String
Windows information and settings
Group Policy (ADMX) info
- GP unique name: DnsOverHttpsMode
- GP name: Control the mode of DNS-over-HTTPS
- GP path (Mandatory): Administrative Templates/Microsoft Edge
- GP path (Recommended): N/A
- GP ADMX file name: MSEdge.admx
Example value
Disable DNS-over-HTTPS
Registry settings
- Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
- Path (Recommended): N/A
- Value name: DnsOverHttpsMode
- Value type: REG_SZ
Example registry value
off
Mac information and settings
- Preference Key name: DnsOverHttpsMode
- Example value:
<string>off</string>