12 New Policies and Security Baseline for Microsoft Edge v104
Microsoft just released a security baseline for Microsoft Edge version 104. Be aware that when you go to download it you won’t see version 104 listed because it still utilizes version 98 as none of the security policies have changed yet. Microsoft v104 introduced 12 new settings that can be used within Computer and User policies. The new setting policies are as follows:
- Allow import of data from other browsers on each Microsoft Edge launch
- Configure browser process code integrity guard setting
- Define domains allowed to access Google Workspace
- Double Click feature in Microsoft Edge enabled (only available in China)
- Enable Drop feature in Microsoft Edge
- Get user confirmation before closing a browser window with multiple tabs
- Text prediction enabled by default
- XFA support in native PDF reader enabled
- Enables Microsoft Edge mini menu *
- Get user confirmation before closing a browser window with multiple tabs *
- Restrict the length of passwords that can be saved in the Password Manager
* These policies are available as both mandatory and user override settings
You can download the three ADMX templates new for Edge version 104 here as shown below.
One of these settings, “Configure browser process code integrity guard setting” restricts the ability to load non-Microsoft signed binaries. When enabled, there are three mode options:
- Disabled (0) = Do not enable code integrity guard in the browser process.
- Audit (1) = Enable code integrity guard audit mode in the browser process.
- Enabled (2) = Enable code integrity guard enforcement in the browser process.
Administrators are encouraged to run this setting in Audit mode (1) early on for compatibility purposes. Audit mode is currently the default but a future security baseline will change this to Enabled (2) once Microsoft has enough data to proceed. The setting options are shown in the screenshot below:
If you haven’t yet imported the secruity baseline, you can do so by running the Baseline-ADImport.ps1 script as shown below.
You can refer to my blog on the Security Baseline for Edge v95 for more information about how to use security baselines for Microsoft Edge.