Grant access to specific sites to connect to specific USB devices
Supported versions
- On Windows and macOS since version 77 or later
Description
Allows you to set a list of URLs that specify which sites are automatically granted permission to access a USB device with the given vendor and product IDs. Each item in the list must contain both "devices" and "urls" for the policy to be valid. Each item in "devices" can contain a vendor ID field and a product ID field. Any ID that is omitted is treated as a wildcard, with one exception: a product ID cannot be specified without a vendor ID also being specified. If that rule is broken, the policy is not valid and is ignored.
The USB permission model uses the URL of the requesting site ("requesting URL") and the URL of the top-level frame site ("embedding URL") to grant permission to the requesting URL to access the USB device. The requesting URL may be different from the embedding URL when the requesting site is loaded in an iframe. Therefore, the "urls" field can contain up to two URL strings delimited by a comma to specify the requesting and embedding URL respectively. If only one URL is specified, then access to the corresponding USB devices will be granted when the requesting site's URL matches this URL regardless of embedding status. The URLs in "urls" must be valid URLs, otherwise the policy will be ignored.
The two-URL form is deprecated and only supported for backwards compatibility in the following manner. If both a requesting and an embedding URL are specified, then the embedding URL will be granted the permission as top-level origin and the requesting URL will be ignored entirely.
If this policy is not set, the global default value is used for all sites: the value from the DefaultWebUsbGuardSetting policy if it is set, or the user's personal configuration otherwise.
URL patterns in this policy should not clash with the ones configured via WebUsbBlockedForUrls. If there is a clash, this policy will take precedence over WebUsbBlockedForUrls and WebUsbAskForUrls.
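The validity rules above can be checked before a value is deployed. The linter below is an added example, not Microsoft's code; the name lint_policy, the scheme-plus-host URL check, and the treatment of empty lists as missing are assumptions of this example and do not reproduce Edge's own parser.

```python
import json
from urllib.parse import urlsplit

def _is_url(text):
    # Assumption: "valid URL" is approximated as having a scheme and a host.
    try:
        parts = urlsplit(text.strip())
    except ValueError:
        return False
    return bool(parts.scheme and parts.netloc)

def lint_policy(raw):
    """Return (errors, warnings) for a WebUsbAllowDevicesForUrls JSON string."""
    errors, warnings = [], []
    try:
        items = json.loads(raw)
    except ValueError as exc:
        return [f"not valid JSON: {exc}"], warnings
    if not isinstance(items, list):
        return ["top level must be a list of items"], warnings
    for i, item in enumerate(items):
        devices = item.get("devices") if isinstance(item, dict) else None
        urls = item.get("urls") if isinstance(item, dict) else None
        # Assumption: an empty or non-list field counts as missing.
        if not (isinstance(devices, list) and devices and isinstance(urls, list) and urls):
            errors.append(f"item {i}: needs both 'devices' and 'urls'")
            continue
        for dev in devices:
            if not isinstance(dev, dict):
                errors.append(f"item {i}: device entry must be an object")
            elif "product_id" in dev and "vendor_id" not in dev:
                errors.append(f"item {i}: product_id without vendor_id")
            elif "vendor_id" not in dev:
                warnings.append(f"item {i}: wildcard, matches any USB device")
            elif "product_id" not in dev:
                warnings.append(f"item {i}: wildcard, matches every product of vendor {dev['vendor_id']}")
        for entry in urls:
            pair = entry.split(",") if isinstance(entry, str) else []
            if not 1 <= len(pair) <= 2 or not all(_is_url(u) for u in pair):
                errors.append(f"item {i}: invalid urls entry {entry!r}")
            elif len(pair) == 2:
                warnings.append(f"item {i}: deprecated pair, only {pair[1].strip()!r} is granted")
    return errors, warnings

# Constructed sample: vendor-wide wildcard plus a deprecated requesting,embedding pair.
SAMPLE = '[{"devices": [{"vendor_id": 1234}], "urls": ["https://a.example,https://b.example"]}]'

if __name__ == "__main__":
    print(lint_policy(SAMPLE))
```

Errors mark values the policy text says will be ignored; warnings mark values that are accepted but grant more than a single vendor/product pair, or that rely on the deprecated two-URL form.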
Supported features
- Can be mandatory: Yes
- Can be recommended: No
- Dynamic Policy Refresh: Yes
- Per Profile: Yes
- Applies to a profile that is signed in with a Microsoft account: Yes
Data type
- Dictionary
Windows information and settings
Group Policy (ADMX) info
- GP unique name: WebUsbAllowDevicesForUrls
- GP name: Grant access to specific sites to connect to specific USB devices
- GP path (Mandatory): Administrative Templates/Microsoft Edge/Content settings
- GP path (Recommended): N/A
- GP ADMX file name: MSEdge.admx
Example value
[{"devices": [{"product_id": 5678, "vendor_id": 1234}], "urls": ["https://contoso.com", "https://fabrikam.com"]}]
Registry settings
- Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
- Path (Recommended): N/A
- Value name: WebUsbAllowDevicesForUrls
- Value type: REG_SZ
Example registry value
[{"devices": [{"product_id": 5678, "vendor_id": 1234}], "urls": ["https://contoso.com", "https://fabrikam.com"]}]
Expanded example registry value
[
  {
    "devices": [
      {
        "product_id": 5678,
        "vendor_id": 1234
      }
    ],
    "urls": [
      "https://contoso.com",
      "https://fabrikam.com"
    ]
  }
]
Mac information and settings
- Preference Key name: WebUsbAllowDevicesForUrls
- Example value:
<key>WebUsbAllowDevicesForUrls</key>
<array>
  <dict>
    <key>devices</key>
    <array>
      <dict>
        <key>product_id</key>
        <integer>5678</integer>
        <key>vendor_id</key>
        <integer>1234</integer>
      </dict>
    </array>
    <key>urls</key>
    <array>
      <string>https://contoso.com</string>
      <string>https://fabrikam.com</string>
    </array>
  </dict>
</array>