Monday, September 13, 2021

Security baseline for Microsoft Edge v93

We are pleased to announce the enterprise-ready release of the security baseline for Microsoft Edge version 93!


We have reviewed the settings in Microsoft Edge version 93 and updated our guidance with the addition of 1 setting and the removal of 1 setting. Additionally, there is 1 setting worth mentioning. A new Microsoft Edge security baseline package was just released to the Download Center. You can download the version 93 package from the Security Compliance Toolkit.


Enable 3DES cipher suites in TLS (added)

We are enforcing this setting to ensure it remains disabled. 3DES will be completely removed from Microsoft Edge in version 95 (around October 2021) and this policy will stop working at that point. Once it does, we will remove this setting from the baseline. If your server relies upon 3DES support, it should be updated as soon as possible to ensure that modern browsers can continue to connect.


Default Adobe Flash setting (removed)

Now that Adobe Flash support has ended and been removed from Microsoft Edge, we have removed the requirement to disable this setting.


Configure users’ ability to override feature flags (worth mentioning)

Some customers have been asking for this policy setting to further lock down what feature flag settings an end-user may configure. If this policy is configured, it can prevent users from reconfiguring Edge settings exposed by the edge://flags page and/or via command line arguments. A tech-savvy user may uncover unsupported mechanisms for adjusting feature flag settings, but this policy allows blocking both supported mechanisms.


Microsoft Edge version 93 introduced 31 new computer settings and 26 new user settings. We have included a spreadsheet listing the new settings in the release to make it easier for you to find them.


As a friendly reminder, all available settings for Microsoft Edge are documented here, and all available settings for Microsoft Edge Update are documented here.


Please continue to give us feedback through the Security Baseline Community or this post.

Posted at