Edit

Share via


WebAuthenticationRemoteDesktopAllowedOrigins

Allowed Origins for Proxied WebAuthn Requests from Remote Desktop Applications.

Supported versions

  • On Windows and macOS since 137 or later

Description

This policy defines a list of allowed HTTPS origins for remote desktop client applications that initiate WebAuthn API requests from a browsing session on a remote host.

Origins specified in this policy can request WebAuthn authentication for Relying Party IDs (RP IDs) they would not typically be authorized to claim.

Only HTTPS origins are supported. Wildcards are not permitted. Entries that do not meet these requirements will be ignored.

For more information about the WebAuthn Remote Desktop Support feature, please see https://github.com/w3c/webauthn/wiki/Explainer:-Remote-Desktop-Support/a4e158c569f456c759d0ddd294a9015bd4d4eb9a.

Supported features

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: Yes
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: No

Data type

  • List of strings

Windows information and settings

Group Policy (ADMX) info

  • GP unique name: WebAuthenticationRemoteDesktopAllowedOrigins
  • GP name: Allowed Origins for Proxied WebAuthn Requests from Remote Desktop Applications.
  • GP path (Mandatory): Administrative Templates/Microsoft Edge
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx

Example value

https://server:8080/

Registry settings

  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge\WebAuthenticationRemoteDesktopAllowedOrigins
  • Path (Recommended): N/A
  • Value name: 1, 2, 3, ...
  • Value type: List of REG_SZ

Example registry value

SOFTWARE\Policies\Microsoft\Edge\WebAuthenticationRemoteDesktopAllowedOrigins\1 =

https://server:8080/

Mac information and settings

  • Preference Key name: WebAuthenticationRemoteDesktopAllowedOrigins
  • Example value:
<array>
  <string>https://server:8080/</string>
</array>

See also