
Microsoft Edge Security Technical Implementation Guide

Rules, Groups, and Values defined within the XCCDF Benchmark

  • SRG-APP-000141

    Group
  • Google Cast must be disabled.

    Enable this policy to enable Google Cast. Users will be able to launch it from the app menu, page context menus, media contro...
    Rule Medium Severity
  • SRG-APP-000141

    Group
  • Web Bluetooth API must be disabled.

    Control whether websites can access nearby Bluetooth devices. Access can be blocked completely or the site required to ask th...
    Rule Medium Severity
  • SRG-APP-000141

    Group
  • Autofill for Credit Cards must be disabled.

    Enables the Microsoft Edge AutoFill feature and lets users auto complete credit card information in web forms using previousl...
    Rule Medium Severity
  • SRG-APP-000141

    Group
  • Autofill for addresses must be disabled.

    Enables the AutoFill feature and allows users to auto-complete address information in web forms using previously stored infor...
    Rule Medium Severity
  • SRG-APP-000175

    Group
  • Online revocation checks must be performed.

    If you enable this policy, Microsoft Edge will perform soft-fail, online OCSP/CRL checks. "Soft fail" means that if the revoc...
    Rule Medium Severity
  • SRG-APP-000141

    Group
  • Personalization of ads, search, and news by sending browsing history to Microsoft must be disabled.

    This policy prevents Microsoft from collecting a user's Microsoft Edge browsing history to be used for personalizing advertis...
    Rule Medium Severity
  • SRG-APP-000141

    Group
  • SRG-APP-000080

    Group
  • Browser history must be saved.

    This setting disables deleting browser history and download history and prevents users from changing this setting.
    Rule Medium Severity
  • SRG-APP-000141

    Group
  • Edge development tools must be disabled.

    While the risk associated with browser development tools is more related to the proper design of a web application, a risk ve...
    Rule Low Severity
  • SRG-APP-000141

    Group
  • Download restrictions must be configured.

    Configure the type of downloads that Microsoft Edge completely blocks, without letting users override the security decision. ...
    Rule Low Severity
  • SRG-APP-000378

    Group
  • URLs must be whitelisted for plugin use if used.

    Define a list of sites, based on URL patterns that can open pop-up windows.
    Rule Low Severity
  • SRG-APP-000141

    Group
  • Extensions installation must be blocklisted by default.

    List specific extensions that users cannot install in Microsoft Edge. When this policy is deployed, any extensions on this li...
    Rule Medium Severity
  • SRG-APP-000386

    Group
  • Extensions that are approved for use must be allowlisted if used.

    By default, all extensions are allowed. However, if all extensions are blocked by setting the "ExtensionInstallBlockList" pol...
    Rule Low Severity
  • SRG-APP-000400

    Group
  • The Password Manager must be disabled.

    Enable Microsoft Edge to save user passwords. If this policy is enabled, users can save their passwords in Microsoft Edge. T...
    Rule Medium Severity
  • SRG-APP-000456

    Group
  • The version of Microsoft Edge running on the system must be a supported version.

    Security flaws with software applications are discovered daily. Vendors are constantly updating and patching their products t...
    Rule High Severity
  • SRG-APP-000560

    Group
  • Edge must be configured to allow only TLS.

    Sets the minimum supported version of SSL. If this policy is not configured, Microsoft Edge uses a default minimum version, T...
    Rule High Severity
  • SRG-APP-000141

    Group
  • Site isolation for every site must be enabled.

    The "SitePerProcess" policy can be used to prevent users from opting out of the default behavior of isolating all sites. The ...
    Rule Medium Severity
  • SRG-APP-000142

    Group
  • Microsoft Defender SmartScreen must be enabled.

    This policy setting configures Microsoft Defender SmartScreen, which provides warning messages to help protect users from po...
    Rule Medium Severity
  • SRG-APP-000141

    Group
  • User feedback must be disabled.

    Microsoft Edge uses the Edge Feedback feature (enabled by default) to allow users to send feedback, suggestions, or customer ...
    Rule Medium Severity
  • SRG-APP-000153

    Group
  • Microsoft Defender SmartScreen must be configured to block potentially unwanted apps.

    This policy setting configures blocking for potentially unwanted apps with Microsoft Defender SmartScreen. Potentially unwant...
    Rule Medium Severity
  • SRG-APP-000141

    Group
  • The download location prompt must be configured.

    This setting provides positive feedback before a download starts, limiting the possibility of inadvertent downloads without n...
    Rule Low Severity
  • SRG-APP-000148

    Group
  • Tracking of browsing activity must be disabled.

    The setting allows websites to be blocked from tracking users' web-browsing activity. If this policy is disabled or is not c...
    Rule Medium Severity
  • SRG-APP-000149

    Group
  • A website's ability to query for payment methods must be disabled.

    This setting determines whether websites can check if the user has payment methods saved. If this policy is disabled, websit...
    Rule Medium Severity
  • SRG-APP-000151

    Group
  • Suggestions of similar web pages in the event of a navigation error must be disabled.

    This setting allows Microsoft Edge to issue a connection to a web service to generate URL and search suggestions for connecti...
    Rule Medium Severity
  • SRG-APP-000152

    Group
  • The collections feature must be disabled.

    This setting allows users to access the Collections feature, where they can collect, organize, share, and export content more...
    Rule Medium Severity
  • SRG-APP-000141

    Group
