Do not allow WebAuthn redirection

Supported on: At least Windows Server 2019, Windows 10 Version 2004

Registry

HKLM SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services

Value name: fDisableWebAuthn

Enabled: fDisableWebAuthn = 1

Disabled: fDisableWebAuthn = 0

Description

This policy setting lets you control the redirection of web authentication (WebAuthn) requests from a Remote Desktop session to the local device. This redirection enables users to authenticate to resources inside the Remote Desktop session using their local authenticator (e.g., Windows Hello for Business, security key, or other). By default, Remote Desktop allows redirection of WebAuthn requests. If you enable this policy setting, users can't use their local authenticator inside the Remote Desktop session. If you disable or do not configure this policy setting, users can use local authenticators inside the Remote Desktop session.