Microsoft Edge WebView for StoreFront authentication
Supported on: Citrix Workspace app for Windows 2302 and above.
Description
Requirements: Microsoft Edge WebView2 Runtime version 131 or later.
This policy controls the webview in which StoreFront authentication web content is loaded. When this policy is enabled, Citrix Workspace app uses Microsoft Edge WebView2. Microsoft Edge WebView2 supports authentication mechanisms such as Windows Hello based authentication, FIDO2 security key based authentication, Single Sign-On (SSO) to Citrix Workspace app from Microsoft Azure Active Directory (AAD) joined machines with AAD as an identity provider, and Conditional Access. When this policy is disabled, Citrix Workspace app uses the Internet Explorer WebView.
Registry
Software\Policies\Citrix\AuthManager
Value name: EdgeChromiumEnabled
Enabled: EdgeChromiumEnabled = true
Disabled: EdgeChromiumEnabled = false
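The description lists WebView2 Runtime 131 or later as a requirement, while the registry value by itself says nothing about whether that runtime is installed. The following detection script is an added example, not part of the gporais.com export, and checks both. The EdgeUpdate client key and its `pv` value come from Microsoft's WebView2 distribution documentation, not from this page.

```powershell
# Added example (not part of the gporais.com export).
# Assumption: the WebView2 Evergreen Runtime records its version in the 'pv'
# value of the EdgeUpdate client key described in Microsoft's WebView2 docs.
$minMajor  = 131   # "version 131 or later", from the policy description
$clientKey = 'Microsoft\EdgeUpdate\Clients\{F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}'
$runtimeKeys = @(
    "HKLM:\SOFTWARE\WOW6432Node\$clientKey",   # per-machine install, 64-bit Windows
    "HKLM:\SOFTWARE\$clientKey",               # per-machine install, 32-bit Windows
    "HKCU:\Software\$clientKey"                # per-user install
)

function Get-WebView2RuntimeVersion {
    param([Parameter(Mandatory = $true)][string[]]$Paths)
    $best = $null
    foreach ($p in $Paths) {
        $pv = (Get-ItemProperty -LiteralPath $p -Name 'pv' -ErrorAction SilentlyContinue).pv
        $parsed = $null
        # A missing, unparsable or 0.0.0.0 value means "not installed".
        if ($pv -and [version]::TryParse($pv, [ref]$parsed) -and $parsed -gt [version]'0.0.0.0') {
            if ($null -eq $best -or $parsed -gt $best) { $best = $parsed }
        }
    }
    return $best
}

$runtime = Get-WebView2RuntimeVersion -Paths $runtimeKeys
$policy  = (Get-ItemProperty -LiteralPath 'HKLM:\Software\Policies\Citrix\AuthManager' `
            -Name 'EdgeChromiumEnabled' -ErrorAction SilentlyContinue).EdgeChromiumEnabled

$problems = @()
if ($null -eq $runtime) {
    $problems += 'WebView2 Runtime not found'
} elseif ($runtime.Major -lt $minMajor) {
    $problems += "WebView2 Runtime $runtime is older than $minMajor"
}
if ([string]$policy -ne 'true') { $problems += 'EdgeChromiumEnabled is not set to true' }

if ($problems.Count -eq 0) {
    Write-Output 'Compliant'
    exit 0
}
Write-Output ('Non-compliant: ' + ($problems -join '; '))
exit 1
```

When the script runs as SYSTEM, the HKCU path reflects the SYSTEM profile, so a per-user runtime install is not seen.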
REG Builder
These exports replicate the policy's registry effect. Editing the registry directly is not the same as applying the GPO through the management console (no gpupdate, no central reporting). Test before production; HKLM changes require administrator rights.
.reg file
Windows Registry Editor Version 5.00
; Exported from gporais.com
; Policy: Microsoft Edge WebView for StoreFront authentication
; State: Enabled
; Supported on: Citrix Workspace app for Windows 2302 and above.
[HKEY_LOCAL_MACHINE\Software\Policies\Citrix\AuthManager]
"EdgeChromiumEnabled"="true"
PowerShell
# Exported from gporais.com
# Policy: Microsoft Edge WebView for StoreFront authentication
# State: Enabled
# Supported on: Citrix Workspace app for Windows 2302 and above.
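$path = 'HKLM:\Software\Policies\Citrix\AuthManager'
# Create the key only if it is missing: New-Item -Force on an existing registry key recreates it and clears its other values.
if (-not (Test-Path -LiteralPath $path)) { New-Item -Path $path -Force | Out-Null }
Set-ItemProperty -Path $path -Name 'EdgeChromiumEnabled' -Value 'true' -Type String
Intune XML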
No direct Policy CSP / OMA-URI mapping for this policy. Use the Intune Remediation tab, or ingest the ADMX in Intune.
Intune Remediation
# === Detection script ===
# Exported from gporais.com
# Policy: Microsoft Edge WebView for StoreFront authentication
# State: Enabled
# Supported on: Citrix Workspace app for Windows 2302 and above.
function Test-RegistryValue {
    param(
        [Parameter(Mandatory = $true)][string]$Path,
        [Parameter(Mandatory = $true)][string]$Name,
        [object]$Expected,
        [ValidateSet('String', 'DWord', 'MultiString')][string]$Kind = 'String',
        [switch]$Absent
    )
    try {
        $item = Get-ItemProperty -LiteralPath $Path -Name $Name -ErrorAction Stop
    } catch {
        return $Absent.IsPresent
    }
    if ($Absent.IsPresent) { return $false }
    $actual = $item.$Name
    if ($Kind -eq 'DWord') { return ([int64]$actual) -eq ([int64]$Expected) }
    if ($Kind -eq 'MultiString') {
        $actualValues = @($actual)
        $expectedValues = @($Expected)
        if ($actualValues.Count -ne $expectedValues.Count) { return $false }
        for ($i = 0; $i -lt $expectedValues.Count; $i++) {
            if ([string]$actualValues[$i] -ne [string]$expectedValues[$i]) { return $false }
        }
        return $true
    }
    return [string]$actual -eq [string]$Expected
}
$checks = @(
    (Test-RegistryValue -Path 'HKLM:\Software\Policies\Citrix\AuthManager' -Name 'EdgeChromiumEnabled' -Expected 'true' -Kind String)
)
if ($checks -notcontains $false) {
    Write-Output 'Compliant'
    exit 0
}
Write-Output 'Non-compliant'
exit 1
# === Remediation script ===
# Exported from gporais.com
# Policy: Microsoft Edge WebView for StoreFront authentication
# State: Enabled
# Supported on: Citrix Workspace app for Windows 2302 and above.
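$path = 'HKLM:\Software\Policies\Citrix\AuthManager'
# Create the key only if it is missing: New-Item -Force on an existing registry key recreates it and clears its other values.
if (-not (Test-Path -LiteralPath $path)) { New-Item -Path $path -Force | Out-Null }
Set-ItemProperty -Path $path -Name 'EdgeChromiumEnabled' -Value 'true' -Type String
SCCM CI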
# Exported from gporais.com
# Policy: Microsoft Edge WebView for StoreFront authentication
# State: Enabled
# Supported on: Citrix Workspace app for Windows 2302 and above.
# SCCM Configuration Item guidance:
# Create a Configuration Item of type "Setting: Script".
# Discovery script: use the Detection script below.
# Remediation script: use the Remediation script below.
# Compliance rule: the Discovery script output equals 'Compliant'.
# Detection and Remediation scripts: the same as those listed under Intune Remediation above.