Skip to content
Log In

Microsoft Edge Security Technical Implementation Guide

Rules, Groups, and Values defined within the XCCDF Benchmark

  • SRG-APP-000141

    Group
    Show

  • SRG-APP-000039

    Group
    Show

  • User control of proxy settings must be disabled.

    This action configures the proxy settings for Microsoft Edge. If this policy is enabled, Microsoft Edge ignores all proxy-related options specified from the command line. If this policy is not co...
    Rule Low Severity
    Show

  • Bypassing of Microsoft Defender SmartScreen warnings about downloads must be disabled.

    This policy setting allows a decision to be made on whether users can override Microsoft Defender SmartScreen warnings about unverified downloads. If this setting is enabled, users cannot ignore M...
    Rule Medium Severity
    Show

  • The list of domains for which Microsoft Defender SmartScreen will not trigger warnings must be allowlisted if used.

    Configure the list of Microsoft Defender SmartScreen trusted domains. This means Microsoft Defender SmartScreen will not check for potentially malicious resources, such as phishing software and oth...
    Rule Low Severity
    Show

  • The default search provider must be set to use an encrypted connection.

    Allows a list of list of up to 10 search engines to be configured, one of which must be marked as the default search engine. The encoding does not need to be specified. Starting in Microsoft Edge 8...
    Rule Medium Severity
    Show

  • Network prediction must be disabled.

    Enables network prediction and prevents users from changing this setting. This controls DNS prefetching, TCP and SSL pre-connection, and pre-rendering of web pages. If this policy is not configur...
    Rule Medium Severity
    Show

  • Importing of browsing history must be disabled.

    Allows users to import their browsing history from another browser into Microsoft Edge. If this policy is enabled, the Browsing history check box is automatically selected in the Import browser da...
    Rule Medium Severity
    Show

  • Importing of open tabs must be disabled.

    Allows users to import open and pinned tabs from another browser into Microsoft Edge. If this policy is enabled, the Open tabs check box is automatically selected in the Import browser data dialog...
    Rule Medium Severity
    Show

  • AutoplayAllowed must be set to disabled.

    This policy sets the media autoplay policy for websites. The default setting "Not configured" respects the current media autoplay settings and lets users configure their autoplay settings. Settin...
    Rule Medium Severity
    Show

  • Online revocation checks must be performed.

    If you enable this policy, Microsoft Edge will perform soft-fail, online OCSP/CRL checks. "Soft fail" means that if the revocation server can't be reached, the certificate will be considered valid....
    Rule Medium Severity
    Show

  • Personalization of ads, search, and news by sending browsing history to Microsoft must be disabled.

    This policy prevents Microsoft from collecting a user's Microsoft Edge browsing history to be used for personalizing advertising, search, news and other Microsoft services. This setting is only av...
    Rule Medium Severity
    Show

  • Extensions installation must be blocklisted by default.

    List specific extensions that users cannot install in Microsoft Edge. When this policy is deployed, any extensions on this list that were previously installed will be disabled, and the user will no...
    Rule Medium Severity
    Show

  • Microsoft Defender SmartScreen must be enabled.

    This policy setting configures Microsoft Defender SmartScreen, which provides warning messages to help protect users from potential phishing scams and malicious software. By default, Microsoft Def...
    Rule Medium Severity
    Show

  • Microsoft Defender SmartScreen must be configured to block potentially unwanted apps.

    This policy setting configures blocking for potentially unwanted apps with Microsoft Defender SmartScreen. Potentially unwanted app blocking with Microsoft Defender SmartScreen provides warning mes...
    Rule Medium Severity
    Show

  • A website's ability to query for payment methods must be disabled.

    This setting determines whether websites can check if the user has payment methods saved. If this policy is disabled, websites that use "PaymentRequest.canMakePayment" or "PaymentRequest.hasEnroll...
    Rule Medium Severity
    Show

  • Suggestions of similar web pages in the event of a navigation error must be disabled.

    This setting allows Microsoft Edge to issue a connection to a web service to generate URL and search suggestions for connectivity issues such as DNS errors. If this policy is enabled, a web servic...
    Rule Medium Severity
    Show

  • The built-in DNS client must be disabled.

    This setting controls whether to use the built-in DNS client. This does not affect which DNS servers are used; it only controls the software stack that is used to communicate with them. For exampl...
    Rule Medium Severity
    Show

  • Importing of cookies must be disabled.

    Allows users to import cookies from another browser into Microsoft Edge. If this policy is disabled, cookies are not imported on first run. If this policy is not configured, cookies are imported ...
    Rule Medium Severity
    Show

  • SRG-APP-000141

    Group
    Show

  • Importing of extensions must be disabled.

    Allows users to import extensions from another browser into Microsoft Edge. If this policy is enabled, the Extensions check box is automatically selected in the Import browser data dialog box. If...
    Rule Medium Severity
    Show

  • SRG-APP-000141

    Group
    Show

  • SRG-APP-000141

    Group
    Show

  • SRG-APP-000073

    Group
    Show

  • Bypassing Microsoft Defender SmartScreen prompts for sites must be disabled.

    This policy setting allows a decision to be made on whether users can override the Microsoft Defender SmartScreen warnings about potentially malicious websites. If this setting is enabled, users c...
    Rule Medium Severity
    Show

  • SRG-APP-000073

    Group
    Show

  • SRG-APP-000073

    Group
    Show

  • SRG-APP-000080

    Group
    Show

  • InPrivate mode must be disabled.

    This setting specifies whether the user can open pages in InPrivate mode in Microsoft Edge. If this policy is not configured or set it to "Enabled", users can open pages in InPrivate mode. Set th...
    Rule Medium Severity
    Show

  • SRG-APP-000141

    Group
    Show

  • Background processing must be disabled.

    Background processing allows Microsoft Edge processes to start at OS sign-in and keep running after the last browser window is closed. In this scenario, background apps and the current browsing ses...
    Rule Medium Severity
    Show

  • SRG-APP-000141

    Group
    Show

  • The ability of sites to show pop-ups must be disabled.

    Set whether websites can show pop-up windows. Pop-ups can be allowed on all websites ("AllowPopups") or blocked on all sites ("BlockPopups"). If this policy is configured, pop-up windows are block...
    Rule Medium Severity
    Show

  • SRG-APP-000141

    Group
    Show

  • Importing of browser settings must be disabled.

    Allows users to import browser settings from another browser into Microsoft Edge. If this policy is enabled, the Browser settings check box is automatically selected in the Import browser data dia...
    Rule Low Severity
    Show

  • SRG-APP-000141

    Group
    Show

  • Data Synchronization must be disabled.

    Disables data synchronization in Microsoft Edge. This policy also prevents the sync consent prompt from appearing. If this policy is not set or applied as recommended, users will be able to turn s...
    Rule Low Severity
    Show

  • SRG-APP-000141

    Group
    Show

  • SRG-APP-000141

    Group
    Show

  • Search suggestions must be disabled.

    Enables web search suggestions in the Microsoft Edge Address Bar and Auto-Suggest List, and prevents users from changing this policy. If this policy is enabled, web search suggestions are used. I...
    Rule Medium Severity
    Show

  • SRG-APP-000141

    Group
    Show

  • Importing of autofill form data must be disabled.

    Allows users to import autofill form data from another browser into Microsoft Edge. If this policy is enabled, the option to manually import autofill data is automatically selected. If this polic...
    Rule Medium Severity
    Show

  • SRG-APP-000141

    Group
    Show

  • SRG-APP-000141

    Group
    Show

  • SRG-APP-000141

    Group
    Show

  • Importing of home page settings must be disabled.

    Allows users to import their home page setting from another browser into Microsoft Edge. If this policy is enabled, the option to manually import the home page setting is automatically selected. ...
    Rule Medium Severity
    Show

  • SRG-APP-000141

    Group
    Show

  • SRG-APP-000141

    Group
    Show

  • Importing of payment info must be disabled.

    Allows users to import payment info from another browser into Microsoft Edge. If this policy is enabled, the payment info check box is automatically selected in the Import browser data dialog box....
    Rule Medium Severity
    Show

  • SRG-APP-000141

    Group
    Show

Node 2

siemur/test-space

The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.

Capacity
Modules