หมายเหตุ
การเข้าถึงหน้านี้ต้องได้รับการอนุญาต คุณสามารถลอง ลงชื่อเข้าใช้หรือเปลี่ยนไดเรกทอรีได้
การเข้าถึงหน้านี้ต้องได้รับการอนุญาต คุณสามารถลองเปลี่ยนไดเรกทอรีได้
Websites or domains that don't need permission to use direct Security Key attestation
Supported versions
- On Windows and macOS since 77 or later
Description
Specifies the WebAuthn RP IDs that don't need explicit user permission when attestation certificates from security keys are requested. Additionally, a signal is sent to the security key indicating that it can use enterprise attestation. Without this policy, users are prompted each time a site requests attestation of security keys.
Supported features
- Can be mandatory: Yes
- Can be recommended: No
- Dynamic Policy Refresh: Yes
- Per Profile: Yes
- Applies to a profile that is signed in with a Microsoft account: No
Data type
- List of strings
Windows information and settings
Group Policy (ADMX) info
- GP unique name: SecurityKeyPermitAttestation
- GP name: Websites or domains that don't need permission to use direct Security Key attestation
- GP path (Mandatory): Administrative Templates/Microsoft Edge
- GP path (Recommended): N/A
- GP ADMX file name: MSEdge.admx
Example value
contoso.com
Registry settings
- Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge\SecurityKeyPermitAttestation
- Path (Recommended): N/A
- Value name: 1, 2, 3, ...
- Value type: List of REG_SZ
Example registry value
SOFTWARE\Policies\Microsoft\Edge\SecurityKeyPermitAttestation\1 =
contoso.com
Mac information and settings
- Preference Key name: SecurityKeyPermitAttestation
- Example value:
<array>
<string>contoso.com</string>
</array>