Редактиране

Споделяне чрез


Microsoft Edge security baseline settings reference for Microsoft Intune

This article is a reference for the settings that are available in the Microsoft Edge security baseline for Microsoft Intune and applies to versions of that baseline that released in May 2023 or later.

If you use a security baseline for Microsoft Edge version 85 or earlier, see List of the settings in the Microsoft Edge security baseline in Intune.

Note

Beginning in May 2023, all new security baseline versions use a new settings format that replaces previous versions. While the last version instance for a baseline that uses the older setting format remains available to use, the older format will no longer receive updates for new settings, or updated default configurations.

About this reference article

Each security baseline is a group of preconfigured Windows settings that help you apply and enforce granular security settings that the relevant security teams recommend. You can also customize each baseline you deploy to enforce only those settings and values you require. When you create a security baseline profile in Intune, you're creating a template that consists of multiple device configuration profiles.

The details that are displayed in this article are based on baseline version that is selected at the top of the article. For each selection, this article displays:

  • A list of each setting in that baseline version.
  • The default configuration of each setting in that baseline version.
  • When available, a link to the underlying configuration service provider (CSP) documentation, or other related content from the relevant product group that provides context and possibly additional details for the settings use.

When a new version of a baseline becomes available, it replaces the previous version. Profile instances that you’ve created prior to the availability of a new version:

  • Become read-only. You can continue to use those profiles but can't edit them to change their configuration.

    Tip

    Because the new baselines versions introduced in May 2023 or later exist side-by-side with the last baseline version from the older format, baselines for the last available version of that older format remain accessible to use and to edit.

  • Can be updated to the latest version. After you update a profile to the current baseline version, you can edit the profile to modify settings.

To learn more about using security baselines, see:

Microsoft Edge

Microsoft Edge baseline for November 2023 (Edge version 117)

For information about the most recent baseline versions and settings from Microsoft, including versions of this baseline that might not be available through Intune, download the Microsoft Security Compliance Toolkit from the Microsoft Download Center.

  • Allow unconfigured sites to be reloaded in Internet Explorer mode
    Baseline default: Disabled

  • Allow users to proceed from the HTTPS warning page
    Baseline default: Disabled

  • Automatically open downloaded MHT or MHTML files from the web in Internet Explorer mode
    Baseline default: Disabled

  • Enable browser legacy extension point blocking
    Baseline default: Enabled

  • Enable site isolation for every site
    Baseline default: Enabled

  • Enhance images enabled
    Baseline default: Disabled

  • Force WebSQL to be enabled
    Baseline default: Disabled

  • Show the Reload in Internet Explorer mode button in the toolbar
    Baseline default: Disabled

  • Specifies whether SharedArrayBuffers can be used in a non cross-origin-isolated context
    Baseline default: Disabled

Extensions:

  • Control which extensions cannot be installed
    Baseline default: Enabled

    • Extension IDs the user should be prevented from installing (or * for all) (Device)
      Baseline default: *

HTTP authentication:

  • Allow Basic authentication for HTTP
    Baseline default: Disabled

  • Supported authentication schemes
    Baseline default: Enabled
    Learn more

Native Messaging:

  • Allow user-level native messaging hosts (installed without admin permissions)
    Baseline default: Disabled

Private Network Request Settings:

  • Specifies whether to allow insecure websites to make requests to more-private network endpoints
    Baseline default: Disabled

SmartScreen settings:

  • Configure Microsoft Defender SmartScreen
    Baseline default: Enabled
    Learn more

  • Configure Microsoft Defender SmartScreen to block potentially unwanted apps
    Baseline default: Enabled

  • Prevent bypassing Microsoft Defender SmartScreen prompts for sites
    Baseline default: Enabled
    Learn more

  • Prevent bypassing of Microsoft Defender SmartScreen warnings about downloads
    Baseline default: Enabled
    Learn more

  • Configure Edge TyposquattingChecker
    Baseline default: Enabled

Microsoft Edge baseline for May 2023 (Edge version 112)

For information about the most recent baseline versions and settings from Microsoft, including versions of this baseline that might not be available through Intune, download the Microsoft Security Compliance Toolkit from the Microsoft Download Center.

  • Allow unconfigured sites to be reloaded in Internet Explorer mode
    Baseline default: Disabled

  • Allow users to proceed from the HTTPS warning page
    Baseline default: Disabled

  • Enable browser legacy extension point blocking
    Baseline default: Enabled

  • Enable site isolation for every site
    Baseline default: Enabled

  • Enhance images enabled
    Baseline default: Disabled

  • Force WebSQL to be enabled
    Baseline default: Disabled

  • Minimum TLS version enabled
    Baseline default: Enabled

    • Minimum SSL version enabled (Device)
      Baseline default: TLS 1.2
  • Show the Reload in Internet Explorer mode button in the toolbar
    Baseline default: Disabled

  • Specifies whether SharedArrayBuffers can be used in a non cross-origin-isolated context
    Baseline default: Disabled

Extensions:

  • Control which extensions cannot be installed
    Baseline default: Enabled

    • Extension IDs the user should be prevented from installing (or * for all) (Device)
      Baseline default: *

HTTP authentication:

  • Allow Basic authentication for HTTP
    Baseline default: Disabled

  • Supported authentication schemes
    Baseline default: Enabled
    Learn more

  • Supported authentication schemes (Device)
    Baseline default: ntlm,negotiate

Native Messaging:

  • Allow user-level native messaging hosts (installed without admin permissions)
    Baseline default: Disabled

Password manager and protection:

  • Enable saving passwords to the password manager
    Baseline default: Disabled
    Learn more

Private Network Request Settings:

  • Specifies whether to allow insecure websites to make requests to more-private network endpoints
    Baseline default: Disabled

SmartScreen settings:

  • Configure Microsoft Defender SmartScreen
    Baseline default: Enabled
    Learn more

  • Configure Microsoft Defender SmartScreen to block potentially unwanted apps
    Baseline default: Enabled

  • Prevent bypassing Microsoft Defender SmartScreen prompts for sites
    Baseline default: Enabled
    Learn more

  • Prevent bypassing of Microsoft Defender SmartScreen warnings about downloads
    Baseline default: Enabled
    Learn more