Policy

Do not allow WebAuthn redirection

Microsoft Windows

Back to Device and Resource RedirectionBack to main
Do not allow WebAuthn redirection
Jump to overview

Policy overview

Key metadata and intent for this policy.

Computer
Category
Windows Components > Remote Desktop Services > Remote Desktop Session Host > Device and Resource Redirection
Supported on
At least Windows Server 2019, Windows 10 Version 2004

Supported OS tags: Windows10, Windows10RT, Windows11, WindowsServer2016

This policy setting lets you control the redirection of web authentication (WebAuthn) requests from a Remote Desktop session to the local device. This redirection enables users to authenticate to resources inside the Remote Desktop session using their local authenticator (e.g., Windows Hello for Business, security key, or other). By default, Remote Desktop allows redirection of WebAuthn requests. If you enable this policy setting, users can't use their local authenticator inside the Remote Desktop session. If you disable or do not configure this policy setting, users can use local authenticators inside the Remote Desktop session.

Internal name
TS_WEBAUTHN
Policy ID
406738e0b86a
Elements
0

Registry values

How enabled and disabled states update the registry.

ScopeRegistry locationTypeEnabled valueDisabled valueCopy
Computer
Path
SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services
Value name
fDisableWebAuthn
REG_DWORD
HKLM
1
HKLM
0
Registry location
Type REG_DWORD · Computer
Path
SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services
Value name
fDisableWebAuthn
Hive
HKLM
Enabled value
1
Disabled value
0

Policy elements

Inputs and configuration options exposed by this policy.

This policy has no additional user input fields.