Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Define a list of protocols that can not be silently blocked by anti-flood protection
Supported versions
- On Windows and macOS since 99 or later
Description
Allows you to create a list of protocols, and for each protocol an associated list of allowed origin patterns. These origins won't be silently blocked from launching an external application by anti-flood protection. The trailing separator shouldn't be included when listing the protocol. For example, list "skype" instead of "skype:" or "skype://".
If you configure this policy, a protocol will only be permitted to bypass being silently blocked by anti-flood protection if:
the protocol is listed
the origin of the site trying to launch the protocol matches one of the origin patterns in that protocol's allowed_origins list.
If either condition is false, the external protocol launch may be blocked by anti-flood protection.
If you don't configure this policy, no protocols can bypass being silently blocked.
The origin matching patterns use a similar format to those for the URLBlocklist policy, that are documented at https://go.microsoft.com/fwlink/?linkid=2095322.
However, origin matching patterns for this policy cannot contain "/path" or "@query" elements. Any pattern that does contain a "/path" or "@query" element will be ignored.
This policy doesn't work as expected with file://* wildcards.
Supported features
- Can be mandatory: Yes
- Can be recommended: No
- Dynamic Policy Refresh: Yes
- Per Profile: Yes
- Applies to a profile that is signed in with a Microsoft account: No
Data type
- Dictionary
Windows information and settings
Group Policy (ADMX) info
- GP unique name: DoNotSilentlyBlockProtocolsFromOrigins
- GP name: Define a list of protocols that can not be silently blocked by anti-flood protection
- GP path (Mandatory): Administrative Templates/Microsoft Edge
- GP path (Recommended): N/A
- GP ADMX file name: MSEdge.admx
Example value
[{"allowed_origins": ["example.com", "http://www.example.com:8080"], "protocol": "spotify"}, {"allowed_origins": ["https://example.com", "https://.mail.example.com"], "protocol": "msteams"}, {"allowed_origins": ["*"], "protocol": "msoutlook"}]
Registry settings
- Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
- Path (Recommended): N/A
- Value name: DoNotSilentlyBlockProtocolsFromOrigins
- Value type: REG_SZ
Example registry value
[{"allowed_origins": ["example.com", "http://www.example.com:8080"], "protocol": "spotify"}, {"allowed_origins": ["https://example.com", "https://.mail.example.com"], "protocol": "msteams"}, {"allowed_origins": ["*"], "protocol": "msoutlook"}]
Expanded example registry value
[
{
"allowed_origins": [
"example.com",
"http://www.example.com:8080"
],
"protocol": "spotify"
},
{
"allowed_origins": [
"https://example.com",
"https://.mail.example.com"
],
"protocol": "msteams"
},
{
"allowed_origins": [
"*"
],
"protocol": "msoutlook"
}
]
Mac information and settings
- Preference Key name: DoNotSilentlyBlockProtocolsFromOrigins
- Example value:
<key>DoNotSilentlyBlockProtocolsFromOrigins</key>
<array>
<dict>
<key>allowed_origins</key>
<array>
<string>example.com</string>
<string>http://www.example.com:8080</string>
</array>
<key>protocol</key>
<string>spotify</string>
</dict>
<dict>
<key>allowed_origins</key>
<array>
<string>https://example.com</string>
<string>https://.mail.example.com</string>
</array>
<key>protocol</key>
<string>msteams</string>
</dict>
<dict>
<key>allowed_origins</key>
<array>
<string>*</string>
</array>
<key>protocol</key>
<string>msoutlook</string>
</dict>
</array>