Policy
Let Windows apps access trusted devices
Windows 11 25H2
Policy overview
Key metadata and intent for this policy.
Supported OS tags: Windows10, Windows10RT, Windows11, WindowsServer2016
This policy setting specifies whether Windows apps can access trusted devices. You can specify either a default setting for all apps or a per-app setting by specifying a Package Family Name. You can get the Package Family Name for an app by using the Get-AppPackage Windows PowerShell cmdlet. A per-app setting overrides the default setting. If you choose the "User is in control" option, employees in your organization can decide whether Windows apps can access trusted devices by using Settings > Privacy on the device. If you choose the "Force Allow" option, Windows apps are allowed to access trusted devices and employees in your organization cannot change it. If you choose the "Force Deny" option, Windows apps are not allowed to access trusted devices and employees in your organization cannot change it. If you disable or do not configure this policy setting, employees in your organization can decide whether Windows apps can access trusted devices by using Settings > Privacy on the device. If an app is open when this Group Policy object is applied on a device, employees must restart the app or device for the policy changes to be applied to the app.
Registry values
How enabled and disabled states update the registry.
No explicit registry values are set for enabled or disabled states.
Policy elements
Inputs and configuration options exposed by this policy.
| Element | Type | Registry mapping | Constraints & behavior |
|---|---|---|---|
LetAppsAccessTrustedDevices_UserInControlOfTheseApps_List ID LetAppsAccessTrustedDevices_UserInControlOfTheseApps_List | list | HKLM\Software\Policies\Microsoft\Windows\AppPrivacy\LetAppsAccessTrustedDevices_UserInControlOfTheseApps Type REG_MULTI_SZ | None |
LetAppsAccessTrustedDevices_ForceAllowTheseApps_List ID LetAppsAccessTrustedDevices_ForceAllowTheseApps_List | list | HKLM\Software\Policies\Microsoft\Windows\AppPrivacy\LetAppsAccessTrustedDevices_ForceAllowTheseApps Type REG_MULTI_SZ | None |
LetAppsAccessTrustedDevices_ForceDenyTheseApps_List ID LetAppsAccessTrustedDevices_ForceDenyTheseApps_List | list | HKLM\Software\Policies\Microsoft\Windows\AppPrivacy\LetAppsAccessTrustedDevices_ForceDenyTheseApps Type REG_MULTI_SZ | None |
Default for all apps: ID LetAppsAccessTrustedDevices_Enum | enum | HKLM\Software\Policies\Microsoft\Windows\AppPrivacy\LetAppsAccessTrustedDevices Type REG_DWORD | Options: User is in control (0), Force Allow (1), Force Deny (2) |
Other policies in this category
Explore related policies at the same level.
- ComputerLet Windows apps access account informationAt least Windows Server 2016, Windows 10
- ComputerLet Windows apps access an eye tracker deviceAt least Windows Server 2016, Windows 10
- ComputerLet Windows apps access call historyAt least Windows Server 2016, Windows 10
- ComputerLet Windows apps access contactsAt least Windows Server 2016, Windows 10
- ComputerLet Windows apps access diagnostic information about other appsAt least Windows Server 2016, Windows 10 Version 1703
- ComputerLet Windows apps access emailAt least Windows Server 2016, Windows 10
- ComputerLet Windows apps access locationAt least Windows Server 2016, Windows 10
- ComputerLet Windows apps access messagingAt least Windows Server 2016, Windows 10
- ComputerLet Windows apps access motionAt least Windows Server 2016, Windows 10
- ComputerLet Windows apps access notificationsAt least Windows Server 2016, Windows 10
- ComputerLet Windows apps access presence sensingAt least Windows Server 2016, Windows 10
- ComputerLet Windows apps access TasksAt least Windows Server 2016, Windows 10