How to Manage Camera and Microphone Access in Microsoft Edge Application Guard

Microsoft Defender Application Guard (MDAG) can enhance your browser security by isolating untrusted sites in a virtualized environment. However, this means that while you’re using these sites, access to hardware components like the microphone and camera will be restricted by default.

This isn’t ideal in certain scenarios. Sometimes, you will need to allow Microsoft Edge to access your camera and microphone within Application Guard. It’s more important to strike a balance between security and utility and to know what to do in those situations.

5 ways to manage camera and microphone access in Application Guard

Individual users can enable or disable camera and microphone access in MDAG through Windows Security. IT administrators, on the other hand, can edit the Windows Registry in their managed devices using the Registry Editor, Windows PowerShell, or by running a .reg file. There are also group policies available to modify this setting in enterprise environments.

📌 Prerequisites:

• This guide applies to Windows 10 or 11 Pro, Enterprise, or Education editions.
• Application Guard has to be installed and enabled on the computer. (Follow How to install Microsoft Defender Application Guard.)
• You will need administrator access. To check if you have the necessary permissions, go to the Start Menu > Settings > Accounts. The word “Administrator” should be written under the username.

📌 Recommended deployment strategies:

Method 1: Configure via Windows Security settings

📌 Use Case: This method is ideal for individual users.

1. Open the Start Menu and search for Windows Security to open the program.
2. Go to App & browser control.
3. Under Isolated browsing, select Change Application Guard settings. If the option isn’t there, you need to install MDAG.
4. Scroll down to the Camera and microphone section and toggle it on or off according to your needs.
5. The User Account Control (UAC) will prompt you to verify the change. Click Yes.
6. Restart the computer to apply the changes.

How to install Microsoft Defender Application Guard

1. Click Install Microsoft Defender Application Guard. This will open the Windows Features window.
2. Scroll down and check the box next to Microsoft Defender Application Guard.
3. Click OK.

Method 2: Modify Registry settings

📌 Use Case: This method can be used by advanced users or by IT administrators working in managed environments.

1. Open the Start Menu and search for Registry Editor to open the program.
2. Navigate to this address: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Hvsi
   • If the Hvsi key doesn’t exist, right-click Microsoft > New > Key.
   • Name it Hvsi.
3. In the Hvsi key, find the EnableCameraMicrophoneRedirection and double-click it. If it’s not there, follow these steps to create it:
   • Right-click Hvsi > New > DWORD (32-bit) Value.
   • Name it EnableCameraMicrophoneRedirection.
4. To enable camera and microphone access, change the value to 1. Change it to 0 if you want to disable it.
5. You can now close the Registry Editor. Restart the computer to apply the changes.

Method 3: Use PowerShell to configure settings

📌 Use Case: This method is ideal for enterprise environments. You can automate deployment using a remote PowerShell tool.

1. 1. Open the Start Menu and search for Windows PowerShell.
   2. Right-click Windows PowerShell > Run as administrator.
   3. To enable camera and microphone access in Microsoft Edge, type this command:
      

      Set-ItemProperty -Path “HKLM:\SOFTWARE\Microsoft\Hvsi” -Name “EnableCameraMicrophoneRedirection” -Value 1 -Type DWord

1. To disable camera and microphone access, type this command instead:
   

   Set-ItemProperty -Path “HKLM:\SOFTWARE\Microsoft\Hvsi” -Name “EnableCameraMicrophoneRedirection” -Value 0 -Type DWord

2. Restart the computer to apply the changes.

Method 4: Create a .reg file

📌 Use Case: This method can be used in enterprise environments. You can run the .reg file using your preferred endpoint management tool.

1. Open the Start Menu and search for Notepad to open the program.
2. To enable camera and microphone access in Microsoft Edge, type this:
   

   Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Hvsi] “EnableCameraMicrophoneRedirection”=dword:00000001

3. To disable them, type this instead:
   

   Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Hvsi] “EnableCameraMicrophoneRedirection”=dword:00000000

4. Click File > Save as.
5. Name it CameraMicrophone_Access.reg.
6. Click the dropdown next to Save as type > All files.
7. Click Save. You can now close Notepad.
8. Go to where you saved CameraMicrophone_Access.reg and double-click it to run the file.
9. The changes will be made to the Windows Registry automatically. Restart the computer to apply the changes.

Method 5: Configure via Group Policy

📌 Use Case: This method can be used in enterprise environments with a large number of managed devices.

1. Open the Start Menu and search for Edit group policy to open the program.
2. Go to Computer Configuration > Administrative Templates > Windows Components > Microsoft Defender Application Guard.
3. Find the Allow camera and microphone access in Microsoft Defender Application Guard policy.
4. Enable or disable it according to your needs.
   • Enable – This will give microphone and camera access in Microsoft Edge.
   • Disable – This will prevent microphone and camera access in Microsoft Edge.
5. Click Apply > OK.
6. Restart the computer to apply the changes.

Verification

1. Open Microsoft Edge.
2. Press Ctrl+Shift+Q to open a Microsoft Edge window in Application Guard mode.
3. Go to a website that requires camera and microphone access.
4. Confirm if the settings are working as expected.

⚠️ Things to look out for

Additional considerations before managing camera and microphone access for Microsoft Edge in Application Guard

• Before changing the access settings in Application Guard, ensure that device-level permissions for the microphone and camera are enabled in Settings > Privacy & security.
• Verify that the microphone and camera drivers are installed and working properly in Device Manager before changing the settings in MDAG.
• Enabling hardware access through MDAG may introduce a security risk. Review your organization’s security policy before proceeding.

Troubleshooting

The microphone or camera might not work within Application Guard. In that case, check the following:

• Make sure that the camera and microphone are working outside of MDAG.
• Check if there are any conflicting group policies or third-party software.

Managing camera and microphone access for Microsoft Edge in Application Guard

There are several ways to enable or disable access to the camera and microphone through Microsoft Guard. It can be done through Windows Security or by changing group policies. You can also edit the Windows Registry using the Registry Editor, Windows PowerShell, or by running a .reg file.

In high-security situations, it’s ideal to restrict hardware access altogether, but there are situations where the users will need access to their microphones and cameras to accomplish their tasks. Managing this setting will allow you to strike a perfect balance between security and utility.

Related topics:

• How to Enable or Disable the Microphone in Windows
• How to Enable or Disable the Microphone in Windows (video)
• How to Allow or Deny Apps Camera Access in Windows 10
• How to Enable or Disable Camera On/Off OSD Indicator in Windows