Policy

Do not allow WebAuthn redirection

This policy setting lets you control the redirection of web authentication (WebAuthn) requests from a Remote Desktop session to the local device. This redirection enables users to authenticate to resources inside the Remote Desktop session using their local authenticator (e.g., Windows Hello for Business, security key, or other). By default, Remote Desktop allows redirection of WebAuthn requests. If you enable this policy setting, users can't use their local authenticator inside the Remote Desktop session. If you disable or do not configure this policy setting, users can use local authenticators inside the Remote Desktop session.

Policy
Pack Microsoft Windows
Category Windows Components / Remote Desktop Services / Remote Desktop Session Host / Device and Resource Redirection
Policy ID 406738e0b86a
Internal name TS_WEBAUTHN

Registry

Copy registry mappings

HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services\fDisableWebAuthn (enabled) = 1
HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services\fDisableWebAuthn (disabled) = 0

Policy notes

This policy setting lets you control the redirection of web authentication (WebAuthn) requests from a Remote Desktop session to the local device. This redirection enables users to authenticate to resources inside the Remote Desktop session using their local authenticator (e.g., Windows Hello for Business, security key, or other). By default, Remote Desktop allows redirection of WebAuthn requests. If you enable this policy setting, users can't use their local authenticator inside the Remote Desktop session. If you disable or do not configure this policy setting, users can use local authenticators inside the Remote Desktop session.

Related policies

Allow audio and video playback redirectionAllow audio recording redirectionAllow time zone redirectionAllow time zone redirectionAllow UI Automation redirectionDo not allow Clipboard redirectionDo not allow Clipboard redirection