Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Allowed Origins for Proxied WebAuthn Requests from Remote Desktop Applications.
Supported versions
- On Windows and macOS since 137 or later
Description
This policy defines a list of allowed HTTPS origins for remote desktop client applications that initiate WebAuthn API requests from a browsing session on a remote host.
Origins specified in this policy can request WebAuthn authentication for Relying Party IDs (RP IDs) they would not typically be authorized to claim.
Only HTTPS origins are supported. Wildcards are not permitted. Entries that do not meet these requirements will be ignored.
For more information about the WebAuthn Remote Desktop Support feature, please see https://github.com/w3c/webauthn/wiki/Explainer:-Remote-Desktop-Support/a4e158c569f456c759d0ddd294a9015bd4d4eb9a.
Supported features
- Can be mandatory: Yes
- Can be recommended: No
- Dynamic Policy Refresh: Yes
- Per Profile: Yes
- Applies to a profile that is signed in with a Microsoft account: No
Data type
- List of strings
Windows information and settings
Group Policy (ADMX) info
- GP unique name: WebAuthenticationRemoteDesktopAllowedOrigins
- GP name: Allowed Origins for Proxied WebAuthn Requests from Remote Desktop Applications.
- GP path (Mandatory): Administrative Templates/Microsoft Edge
- GP path (Recommended): N/A
- GP ADMX file name: MSEdge.admx
Example value
https://server:8080/
Registry settings
- Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge\WebAuthenticationRemoteDesktopAllowedOrigins
- Path (Recommended): N/A
- Value name: 1, 2, 3, ...
- Value type: List of REG_SZ
Example registry value
SOFTWARE\Policies\Microsoft\Edge\WebAuthenticationRemoteDesktopAllowedOrigins\1 =
https://server:8080/
Mac information and settings
- Preference Key name: WebAuthenticationRemoteDesktopAllowedOrigins
- Example value:
<array>
<string>https://server:8080/</string>
</array>