Manage Dev Tunnels with Group Policies

This post has been republished via RSS; it originally appeared at: New blog articles in Microsoft Community Hub.

Dev Tunnels is a tunneling service that can boost your productivity when testing and debugging web apps, webhooks, APIs, and more. You can also simply use Dev Tunnels to seamlessly share your work with colleagues, demo at conferences, or cross-device app testing. Whether you use Dev Tunnels through Visual Studio, VS Code, or the devtunnel CLI, it takes mere seconds to get started.


We’ve heard from organizations that IT Administrators want to control certain aspects of Dev Tunnels to achieve consistency or compliance across their organization. In response to this feedback, we’re thrilled to announce that Dev Tunnels now supports this level of control with Group Policy Administrative Templates (ADMX/ADML files)!


To configure and deploy these policies, you can use the Group Policy Editor. These policies apply to Dev Tunnels in Visual Studio, port forwarding built into Visual Studio Code, the Visual Studio Code Remote - Tunnels extension, and the devtunnel CLI. These policies will be available in Microsoft Intune in the future as well.



  • Windows Server 2016, Windows Server 2019, Windows Server 2022, Windows 8.1, Windows 10, Windows 11
  • Active Directory
  • Access to Group Policy Editor


Policies supported




  • Disable anonymous tunnel access: Disallow anonymous tunnel access. Enabling this policy enforces users to select either private or organization for tunnel access. This means users cannot connect to an existing tunnel with anonymous access control, host an existing tunnel with anonymous access control, or add anonymous access to existing or new tunnels.
  • Disable Dev Tunnels: Disallow users from using the Dev Tunnels service. All commands, with few exceptions, should be denied access when this policy is enabled. Exceptions: unset, echo, ping, and user.
  • Allow only selected Microsoft Entra tenant IDs: Users must authenticate within the given tenant list to access Dev Tunnels. When enabling this policy, multiple tenant IDs can be added by using a semicolon or comma to separate each. All commands, with few exceptions, should be denied access when this policy is enabled, and the user's tenant ID isn't in the list of allowed tenant IDs. Exceptions: unset, echo, ping, and user. Follow the steps in this article to find your Microsoft Entra tenant ID.


Configure policies with Local Group Policy editor

For machines within a corporate network, the Group Policy editor can be used to deploy Dev Tunnel policies.


Download the Administrator Template files

  1. Download the Administrator Template files (ADMX/ADML) for Dev Tunnels from the Microsoft Download Center.
  2. Navigate to the C:\Windows\PolicyDefinitions folder and add the TunnelsPolicies.admx file.
  3. Navigate to the C:\Windows\PolicyDefinitions\en-US folder and add the TunnelsPolicies.adml file.

Apply the policies using the Local Group Policy Editor

  1. Open Command Prompt and run gpupdate /force to ensure the policy files are configured.
  2. Open the Windows Local Group Policy Editor.
  3. Navigate to Computer Configuration > Administrative Templates > Dev Tunnels.
  4. Apply the desired policy changes.


Contact us

If you have any feedback, feature requests, questions, or you encounter an unexpected issue while working with the devtunnel CLI, reach out to us. We want to hear from you!

GitHub issues is a great way to connect with us. You can open a new issue or up-vote any existing issues using a :thumbs_up: reaction to:

  • Request a feature
  • Submit a bug
  • Provide feedback

If you're an enterprise looking to adopt dev tunnels in your organization with specific questions on security, enterprise management or support, email us at

Leave a Reply

Your email address will not be published. Required fields are marked *


This site uses Akismet to reduce spam. Learn how your comment data is processed.