
III - Administrative Public

Rules and Groups employed by this XCCDF Profile

  • SRG-APP-000141

    Group
  • Autofill for Credit Cards must be disabled.

    Enables the Microsoft Edge AutoFill feature and lets users auto-complete credit card information in web forms using previously stored information. If this policy is disabled, AutoFill never sugges...
    Rule Medium Severity
  • SRG-APP-000141

    Group
  • Autofill for addresses must be disabled.

    Enables the AutoFill feature and allows users to auto-complete address information in web forms using previously stored information. If this policy is disabled, AutoFill never suggests or fills cr...
    Rule Medium Severity
  • SRG-APP-000175

    Group
  • Online revocation checks must be performed.

    If you enable this policy, Microsoft Edge will perform soft-fail, online OCSP/CRL checks. "Soft fail" means that if the revocation server can't be reached, the certificate will be considered valid....
    Rule Medium Severity
  • SRG-APP-000141

    Group
  • Personalization of ads, search, and news by sending browsing history to Microsoft must be disabled.

    This policy prevents Microsoft from collecting a user's Microsoft Edge browsing history to be used for personalizing advertising, search, news and other Microsoft services. This setting is only av...
    Rule Medium Severity
  • SRG-APP-000141

    Group
  • Site tracking of a user’s location must be disabled.

    Set whether websites can track users' physical locations. Tracking can be allowed by default ("AllowGeolocation") or denied by default ("BlockGeolocation"), or the user can be asked each time a web...
    Rule Medium Severity
  • SRG-APP-000080

    Group
  • Browser history must be saved.

    This setting disables deleting browser history and download history and prevents users from changing this setting.
    Rule Medium Severity
  • SRG-APP-000141

    Group
  • Edge development tools must be disabled.

    While the risk associated with browser development tools is more related to the proper design of a web application, a risk vector remains within the browser. The developer tools allow end users and...
    Rule Low Severity
  • SRG-APP-000141

    Group
  • Download restrictions must be configured.

    Configure the type of downloads that Microsoft Edge completely blocks, without letting users override the security decision. Set "BlockDangerousDownloads" to allow all downloads except for those t...
    Rule Low Severity
  • SRG-APP-000378

    Group
  • URLs must be allowlisted for plugin use if used.

    Define a list of sites, based on URL patterns, that can open pop-up windows.
    Rule Low Severity
  • SRG-APP-000141

    Group
  • Extensions installation must be blocklisted by default.

    List specific extensions that users cannot install in Microsoft Edge. When this policy is deployed, any extensions on this list that were previously installed will be disabled, and the user will no...
    Rule Medium Severity
  • SRG-APP-000386

    Group
  • Extensions that are approved for use must be allowlisted if used.

    By default, all extensions are allowed. However, if all extensions are blocked by setting the "ExtensionInstallBlockList" policy to "*", users can only install extensions defined in this policy.
    Rule Low Severity
  • SRG-APP-000400

    Group
  • The Password Manager must be disabled.

    Enable Microsoft Edge to save user passwords. If this policy is enabled, users can save their passwords in Microsoft Edge. The next time the user visits the site, Microsoft Edge will enter the pas...
    Rule Medium Severity
  • SRG-APP-000456

    Group
  • The version of Microsoft Edge running on the system must be a supported version.

    Security flaws with software applications are discovered daily. Vendors are constantly updating and patching their products to address newly discovered security vulnerabilities. Organizations (incl...
    Rule High Severity
  • SRG-APP-000141

    Group
  • Site isolation for every site must be enabled.

    The "SitePerProcess" policy can be used to prevent users from opting out of the default behavior of isolating all sites. The "IsolateOrigins" policy can be used to isolate additional, finer-grained...
    Rule Medium Severity
  • SRG-APP-000142

    Group
  • Supported authentication schemes must be configured.

    This setting specifies which HTTP authentication schemes are supported. The policy can be configured by using these values: "basic", "digest", "ntlm", and "negotiate". Separate multiple values wit...
    Rule Medium Severity
  • SRG-APP-000141

    Group
  • Microsoft Defender SmartScreen must be enabled.

    This policy setting configures Microsoft Defender SmartScreen, which provides warning messages to help protect users from potential phishing scams and malicious software. By default, Microsoft Def...
    Rule Medium Severity
  • SRG-APP-000141

    Group
  • Microsoft Defender SmartScreen must be configured to block potentially unwanted apps.

    This policy setting configures blocking for potentially unwanted apps with Microsoft Defender SmartScreen. Potentially unwanted app blocking with Microsoft Defender SmartScreen provides warning mes...
    Rule Medium Severity
  • SRG-APP-000141

    Group
  • The download location prompt must be configured.

    This setting provides positive feedback before a download starts, limiting the possibility of inadvertent downloads without notifying the user.
    Rule Low Severity
  • SRG-APP-000148

    Group
  • Tracking of browsing activity must be disabled.

    The setting allows websites to be blocked from tracking users' web-browsing activity. If this policy is disabled or is not configured, users can set their own level of tracking prevention. Policy...
    Rule Medium Severity
  • SRG-APP-000149

    Group
  • A website's ability to query for payment methods must be disabled.

    This setting determines whether websites can check if the user has payment methods saved. If this policy is disabled, websites that use "PaymentRequest.canMakePayment" or "PaymentRequest.hasEnroll...
    Rule Medium Severity
  • SRG-APP-000151

    Group
  • Suggestions of similar web pages in the event of a navigation error must be disabled.

    This setting allows Microsoft Edge to issue a connection to a web service to generate URL and search suggestions for connectivity issues such as DNS errors. If this policy is enabled, a web servic...
    Rule Medium Severity
  • SRG-APP-000152

    Group
  • User feedback must be disabled.

    Microsoft Edge uses the Edge Feedback feature (enabled by default) to allow users to send feedback, suggestions, or customer surveys and to report any issues with the browser. By default, users can...
    Rule Medium Severity
  • SRG-APP-000153

    Group
  • The collections feature must be disabled.

    This setting allows users to access the Collections feature, where they can collect, organize, share, and export content more efficiently and with Office integration. If this policy is enabled or ...
    Rule Medium Severity
  • SRG-APP-000141

    Group
  • The Share Experience feature must be disabled.

    If this policy is set to "ShareAllowed" (the default), users will be able to access the Windows 10 Share experience from the Settings and More menu in Microsoft Edge to share with other apps on the...
    Rule Medium Severity
  • SRG-APP-000141

    Group
  • Guest mode must be disabled.

    Enabling Guest mode allows the use of guest profiles in Microsoft Edge. In a guest profile, the browser does not import browsing data from existing profiles, and it deletes browsing data when all g...
    Rule Medium Severity
