Skip to content
Log In

Microsoft Edge Security Technical Implementation Guide

Rules, Groups, and Values defined within the XCCDF Benchmark

  • Importing of saved passwords must be disabled.

    Allows users to import saved passwords from another browser into Microsoft Edge. If this policy is enabled, the option to manually import saved passwords is automatically selected. If this policy...
    Rule Medium Severity
    Show

  • SRG-APP-000141

    Group
    Show

  • Importing of search engine settings must be disabled.

    Allows users to import search engine settings from another browser into Microsoft Edge. If this policy is enabled, the option to import search engine settings is automatically selected. If this p...
    Rule Medium Severity
    Show

  • SRG-APP-000141

    Group
    Show

  • Importing of shortcuts must be disabled.

    Allows users to import Shortcuts from another browser into Microsoft Edge. If this policy is disabled, Shortcuts are not imported on first run. If this policy is not configured, Shortcuts are imp...
    Rule Medium Severity
    Show

  • SRG-APP-000141

    Group
    Show

  • WebUSB must be disabled.

    Set whether websites can access connected USB devices. Access can be blocked completely or the user asked each time a website wants to get access to connected USB devices. Override this policy for...
    Rule Medium Severity
    Show

  • SRG-APP-000141

    Group
    Show

  • Google Cast must be disabled.

    Enable this policy to enable Google Cast. Users will be able to launch it from the app menu, page context menus, media controls on Cast-enabled websites, and (if shown) the Cast toolbar icon. Disa...
    Rule Medium Severity
    Show

  • SRG-APP-000141

    Group
    Show

  • Web Bluetooth API must be disabled.

    Control whether websites can access nearby Bluetooth devices. Access can be blocked completely or the site required to ask the user each time it wants to access a Bluetooth device. If this policy ...
    Rule Medium Severity
    Show

  • SRG-APP-000141

    Group
    Show

  • Autofill for Credit Cards must be disabled.

    Enables the Microsoft Edge AutoFill feature and lets users auto complete credit card information in web forms using previously stored information. If this policy is disabled, AutoFill never sugges...
    Rule Medium Severity
    Show

  • SRG-APP-000141

    Group
    Show

  • Autofill for addresses must be disabled.

    Enables the AutoFill feature and allows users to auto-complete address information in web forms using previously stored information. If this policy is disabled, AutoFill never suggests or fills cr...
    Rule Medium Severity
    Show

  • SRG-APP-000175

    Group
    Show

  • SRG-APP-000141

    Group
    Show

  • SRG-APP-000080

    Group
    Show

  • Browser history must be saved.

    This setting disables deleting browser history and download history and prevents users from changing this setting.
    Rule Medium Severity
    Show

  • SRG-APP-000141

    Group
    Show

  • Edge development tools must be disabled.

    While the risk associated with browser development tools is more related to the proper design of a web application, a risk vector remains within the browser. The developer tools allow end users and...
    Rule Low Severity
    Show

  • SRG-APP-000141

    Group
    Show

  • Download restrictions must be configured.

    Configure the type of downloads that Microsoft Edge completely blocks, without letting users override the security decision. Set "BlockDangerousDownloads" to allow all downloads except for those t...
    Rule Low Severity
    Show

  • SRG-APP-000378

    Group
    Show

  • URLs must be allowlisted for plugin use if used.

    Define a list of sites, based on URL patterns that can open pop-up windows.
    Rule Low Severity
    Show

  • SRG-APP-000141

    Group
    Show

  • SRG-APP-000386

    Group
    Show

  • Extensions that are approved for use must be allowlisted if used.

    By default, all extensions are allowed. However, if all extensions are blocked by setting the "ExtensionInstallBlockList" policy to "*," users can only install extensions defined in this policy.
    Rule Low Severity
    Show

  • SRG-APP-000400

    Group
    Show

  • The Password Manager must be disabled.

    Enable Microsoft Edge to save user passwords. If this policy is enabled, users can save their passwords in Microsoft Edge. The next time the user visits the site, Microsoft Edge will enter the pas...
    Rule Medium Severity
    Show

  • SRG-APP-000456

    Group
    Show

  • The version of Microsoft Edge running on the system must be a supported version.

    Security flaws with software applications are discovered daily. Vendors are constantly updating and patching their products to address newly discovered security vulnerabilities. Organizations (incl...
    Rule High Severity
    Show

  • SRG-APP-000141

    Group
    Show

  • Site isolation for every site must be enabled.

    The "SitePerProcess" policy can be used to prevent users from opting out of the default behavior of isolating all sites. The "IsolateOrigins" policy can be used to isolate additional, finer-grained...
    Rule Medium Severity
    Show

  • SRG-APP-000142

    Group
    Show

  • Supported authentication schemes must be configured.

    This setting specifies which HTTP authentication schemes are supported. The policy can be configured by using these values: "basic", "digest", "ntlm", and "negotiate". Separate multiple values wit...
    Rule Medium Severity
    Show

  • SRG-APP-000141

    Group
    Show

  • SRG-APP-000141

    Group
    Show

  • SRG-APP-000141

    Group
    Show

  • The download location prompt must be configured.

    This setting provides positive feedback before a download starts, limiting the possibility of inadvertent downloads without notifying the user.
    Rule Low Severity
    Show

  • SRG-APP-000148

    Group
    Show

  • Tracking of browsing activity must be disabled.

    The setting allows websites to be blocked from tracking users' web-browsing activity. If this policy is disabled or is not configured, users can set their own level of tracking prevention. Policy...
    Rule Medium Severity
    Show

  • SRG-APP-000149

    Group
    Show

  • SRG-APP-000151

    Group
    Show

  • SRG-APP-000152

    Group
    Show

  • User feedback must be disabled.

    Microsoft Edge uses the Edge Feedback feature (enabled by default) to allow users to send feedback, suggestions, or customer surveys and to report any issues with the browser. By default, users can...
    Rule Medium Severity
    Show

  • SRG-APP-000153

    Group
    Show

  • The collections feature must be disabled.

    This setting allows users to access the Collections feature, where they can collect, organize, share, and export content more efficiently and with Office integration. If this policy is enabled or ...
    Rule Medium Severity
    Show

  • SRG-APP-000141

    Group
    Show

  • The Share Experience feature must be disabled.

    If this policy is set to "ShareAllowed" (the default), users will be able to access the Windows 10 Share experience from the Settings and More menu in Microsoft Edge to share with other apps on the...
    Rule Medium Severity
    Show

Node 2

siemur/test-space

The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.

Capacity
Modules