Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
In this article, we describe how to configure the LocalNetworkAccessAllowedForUrls policy for Chrome-based Microsoft Edge and Google Chrome browsers on Windows machines via the registry. While Chrome begins enforcing Local Network Access restrictions in Chrome 142, Microsoft eCDN's peer-to-peer technology isn't expected to be impacted until Chrome 146, when enforcement extends to WebRTC connections.
Purpose
The LocalNetworkAccessAllowedForUrls policy allows specific websites to access resources on local network endpoints, which is essential for Microsoft eCDN's peer-to-peer functionality. Without this policy configuration, browser-based clients may be prevented from establishing peer-to-peer connections within your organizational network.
This policy complements the WebRtcLocalIpsAllowedUrls configuration and is expected to become a required component for enabling browser-based peer-to-peer communication in Microsoft eCDN.
Note
No such configuration change requirement applies to the Teams Desktop application as it already has access to local network resources.
Registry Key
Four registry entries are required to support local network access for Microsoft eCDN. Each domain requires its own REG_SZ entry with a unique value name.
| Registry element | Value |
|---|---|
| Path for Microsoft Edge | HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Edge\ |
| Path for Google Chrome | HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome\ |
| Key name | LocalNetworkAccessAllowedForUrls |
| Value name | 1 or other numeric value |
| Value 1 | [*.]ecdn.teams.microsoft.com |
| Value 2 | https://teams.microsoft.com |
| Value 3 | [*.]ecdn.teams.cloud.microsoft |
| Value 4 | https://teams.cloud.microsoft |
| Value 5 | https://engage.cloud.microsoft/ |
Important
We've begun migrating domains from teams.microsoft.com to teams.cloud.microsoft in accordance with the Unified Domains initiative. We urge customers to add the new domain(s) to their network traffic filters and policies (firewall, proxy, policies, VPN) as soon as possible, and to retain the legacy domains until noted otherwise.
Tip
Customers who have a third party integration, such as MediaPlatform, may see improved performance by also adding the third party platform's domain. Reach out to your third party provider for the specific video platform's domain, which may differ from the organization's website's domain.
US government tenants (GCC and GCC High)
US government and other high-security customers must use the following hostnames instead.
| Tenant type | Hostname or origin |
|---|---|
| GCC | [*.]ecdn.gcc.teams.microsoft.com |
| GCC | https://teams.microsoft.com |
| GCC | https://teams.cloud.microsoft |
| GCC High | [*.]ecdn.gov.teams.microsoft.us |
| GCC High | https://teams.microsoft.us |
Firefox support
Firefox is implementing similar Local Network Access restrictions but hasn't yet shipped these changes to the release channel. The feature is currently available only in Firefox Nightly and the team is waiting for Chrome's full deployment before releasing it. When Firefox does implement Local Network Access restrictions, they plan to provide equivalent enterprise policies for managing these permissions. Currently, the LocalNetworkAccessAllowedForUrls policy isn't needed for Firefox, but this is likely to change in future releases.
Related configuration
This policy should be configured alongside the WebRtcLocalIpsAllowedUrls policy for full Microsoft eCDN peer-to-peer functionality.