Information
This policy setting determines whether a website is able to ask for access to use the WebHID API. The WebHID API allows websites to access alternative auxiliary keyboards and exotic gamepads.
The recommended state for this setting is: Enabled: Do not allow any site to request access to HID devices via the WebHID API.
Rationale:
Disabling the WebHID API prevents HID peripherals from exposing powerful functionality that should not be made accessible to the page without explicit consent. For instance, a HID peripheral may have sensors that allow it to collect information about its surroundings; a device may store private information that should not be revealed or overwritten. Operating systems typically do not restrict access to HID devices from applications, and this access can occasionally be abused to damage the device or corrupt the data stored on it.
Impact:
WebHID describes a wide array of devices that could be supported through HID, including virtual reality controls, flight simulators, medical equipment, and more. Disabling WebHID would require additional drivers or modification to enable support for approved devices.
Solution
To establish the recommended configuration via GP, set the following UI path to Enabled: Do not allow any site to request access to HID devices via the WebHID API:
Computer Configuration\Policies\Administrative Templates\Microsoft Edge\Content settings\Control use of the WebHID API
Note: This Group Policy path may not exist by default. It is provided by the Group Policy template MSEdge.admx/adml that can be downloaded from: Download Microsoft Edge for Business - Microsoft.
Default Value:
Allow site to ask the user to grant access to a HID device.