Browse more safely with Microsoft Edge
Microsoft Edge for Business is now available in Edge stable version 116! Learn more about the new, dedicated work experience with native enterprise grade security, productivity, manageability, and AI built in.
This article describes how Microsoft Edge provides enhanced security on the web.
This article applies to Microsoft Edge version 111 or later. Some users might see enhanced security turned on by default due to ongoing development and testing. If you want to turn the security feature off, refer to the What's new in Microsoft Edge security settings in this article.
Developers should be aware that the WebAssembly (WASM) interpreter running in enhanced security mode might not yield the expected level of performance. We recommend adding your site as an exception to opt-out of enhanced security mode for site users.
Defense in depth
When combined, these changes help provide 'defense in depth' because they make it more difficult than ever before for a malicious site to use an unpatched vulnerability to write to executable memory and attack an end user. You can learn more about the experimentation results from the Microsoft Edge Security team's blog post and Introducing Enhanced Security for Microsoft Edge.
You may also be interested to learn more about the first line security protections in Microsoft Edge. Notably, you may want to learn more about how Microsoft Edge SmartScreen protects users from phishing scams and malware downloads.
WebAssembly is now supported in enhanced security mode for x64 Windows, x64 macOS, x64 Linux, and ARM64 systems.
What's new in Microsoft Edge security settings
With Enhance your security on the web, Microsoft Edge gives you an extra layer of protection when browsing the web.
Enhanced security on the web runs on unfamiliar sites without the just in time (JIT) compilation to reduce attack surface, making it difficult for malicious sites to exploit.
This additional protection includes Windows operating system mitigations such as Hardware Enforced Stack Protection, Arbitrary Code Guard (ACG), and Control Flow Guard (CFG).
Use the following steps to configure added security.
- In Microsoft Edge, go to Settings and more > Settings > Privacy, search, and services.
- Under Security, verify that Enhance your security on the web is enabled.
- Select the option that's best for your browsing.
The following toggle settings are available:
- Toggle Off (Default): Feature is turned off
- Toggle On – Balanced (Recommended): Microsoft Edge will apply added security protections when users visit unfamiliar sites but bypass those protections for commonly visited sites. This combination provides a practical level of protection against attackers while preserving the user experience for a user's usual tasks on the web.
- Toggle On – Strict: Microsoft Edge will apply added security protections for all the sites a user visits. Users may report some challenges accomplishing their usual tasks.
The following screenshot shows the "Enhance your security on the web" configuration page, with Balanced security mode enabled and set to provide Balanced security.
How "Balanced" mode works
Balanced mode is an adaptive mode that builds on user's behavior on a particular device, and Microsoft's understanding of risk across the web to give sites that users are most likely to use and trust full access to the web platform, while limiting what new and unfamiliar sites can do when visited.
How "Strict" mode works
As the name suggests, Strict Mode applies these security protections to all sites by default. However, you can still manually add sites to the exception site list and enterprise admin configuration will still apply, if present. Strict mode isn't appropriate for most end users because it may require some level of configuration for the user to complete their normal tasks.
Enhanced security sites
In Balanced and Strict mode, you can also create exceptions for certain familiar websites that you trust or wish to enforce these modes on. Use the following steps to add a site to your list.
- In Microsoft Edge, select Settings and more > Settings > Privacy, search, and services.
- Verify that Enhance your security on the web is turned on.
- Under Enhance your security on the web, select Manage enhanced security for sites.
- Select Add a site, type in the full URL, and then select Add.
You can use steps (1 - 3) to view sites in enhanced security sites.. You can Edit a site, Remove a site, or Remove all exceptions.
The next screenshot shows the settings page for security exceptions.
Enterprise Admins can configure this security feature using Group Policy settings, including creating "Allow" and "Deny" lists to explicitly enhance security for their users when visiting certain sites, or disable the mode for others. For a complete list of policies, see the Microsoft Edge browser policy documentation.
User experience with enhanced security mode
After a user turns on enhanced security mode, they'll see a banner with the words "Added security" in their URL navigation bar when Microsoft Edge is applying enhanced security mode for a particular site.
When you select the banner, you'll see the next flyout. You can select "Enhance security for this site" to redirect you to a second flyout that shows the security settings for the current site and gives the user the option to toggle security on or off.
"Enhance security for this site" only appears when enhanced security mode is enabled in Microsoft Edge Settings.
In the flyout shown in the next screenshot, you can manually enable or disable enhanced security mode for a particular site. If you change the "Use enhanced security for this site" toggle, Microsoft Edge will proactively add that site to the exception site list.
You can always remove this site by updating the exception site list in Settings > Privacy, search, and services > Enhanced security exceptions.
Send us feedback
We want to get your feedback on our next iteration to improve "enhanced security mode". If something doesn't work the way you expect, or if you have feedback to share on these changes, we want to hear from you. You can reach out to Microsoft Support to report issues or feedback. You can also leave feedback in our TechCommunity forum.