Allow Microsoft Defender Application Guard to use Root Certificate Authorities from the user's device

This policy setting allows certain device level Root Certificates to be shared with the Microsoft Defender Application Guard container.

If you enable this setting, certificates with a thumbprint matching the ones specified will be transferred into the container. Multiple certificates can be specified by using a comma to separate the thumbprints for each certificate you want to transfer.

If you disable or don't configure this setting, certificates are not shared with the Microsoft Defender Application Guard container.

Example: b4e72779a8a362c860c36a6461f31e3aa7e58c14,1b1d49f06d2a697a544a1059bd59a7b058cda924

Supported on: Microsoft Edge on Windows 10 Enterprise or Windows 10 Education with Microsoft Defender Application Guard in Enterprise mode

Thumbprints of the certificates to share

Registry PathSOFTWARE\Policies\Microsoft\AppHVSI
Value NameCertificateThumbprints
Value TypeREG_SZ
Default Value


Administrative Templates (Computers)

Administrative Templates (Users)