Block launching desktop apps associated with a URI scheme

Supported OS tags: Windows10, Windows10RT, Windows11, Windows8, Windows81, WindowsRT, WindowsRT81, WindowsServer2012, WindowsServer2012R2, WindowsServer2016

This policy setting lets you control whether packaged Microsoft Store apps can open URIs using the default desktop app for a URI scheme. Because desktop apps run at a higher integrity level than packaged Microsoft Store apps, there is a risk that a URI scheme launched by a packaged Microsoft Store app might compromise the system by launching a desktop app. If you enable this policy setting, packaged Microsoft Store apps cannot open URIs in the default desktop app for a URI scheme; they can open URIs only in other packaged Microsoft Store apps. If you disable or do not configure this policy setting, packaged Microsoft Store apps can open URIs in the default desktop app for a URI scheme. Note: Enabling this policy setting does not block packaged Microsoft Store apps from opening the default desktop app for the http, https, and mailto URI schemes. The handlers for these URI schemes are hardened against URI-based vulnerabilities from untrusted sources, reducing the associated risk.

This policy has no additional user input fields.

• Computer
  Allow Microsoft accounts to be optional

  At least Windows Server 2012 R2, Windows 8.1 or Windows RT 8.1
• ComputerUser
  Block launching desktop apps associated with a file.

  At least Windows Server 2012, Windows 8 or Windows RT
• Computer
  Block launching Universal Windows apps with Windows Runtime API access from hosted content.

  At least Windows Server 2016, Windows 10
• Computer
  Turn on dynamic Content URI Rules for packaged Microsoft Store apps

  At least Windows Server 2012 R2, Windows 8.1 or Windows RT 8.1