Blog Post

Microsoft Security Baselines Blog
2 MIN READ

Security baseline for Microsoft Edge v107

Rick_Munck's avatar
Rick_Munck
Icon for Microsoft rankMicrosoft
Nov 17, 2022

Microsoft is pleased to announce the release of the security baseline for Microsoft Edge, version 107!

 

We have reviewed the settings in Microsoft Edge version 107 and updated our guidance with the addition of one new setting. We’re also highlighting three settings we would like you to consider based on your organizational needs. A new Microsoft Edge security baseline package was just released to the Download Center. You can download the new package from the Security Compliance Toolkit.

 

Spell checking provided by Microsoft Editor (Consider)

First introduced in Microsoft Edge, version 105. The Microsoft Editor utilizes the power of the cloud for enhanced spell checking for text fields within the browser. This feature securely transmits form data to a Microsoft service in the  cloud, as described in the Microsoft Edge Privacy Whitepaper. While the security baseline does not recommend a setting, customers should consider their own data privacy and security requirements. Further information on this setting can be found here.

 

Allow local MHTML files to open automatically in Internet Explorer mode (Consider)

Internet Explorer mode will remain a necessary option for the foreseeable future. However, it does come at a security cost. Any vulnerabilities in Internet Explorer will persist into the Internet Explorer mode session within Microsoft Edge. Therefore, if your organization doesn’t require the use of MHTML files, then ensure you stay the most secure by disabling this setting. The security baseline will not yet enforce this setting as we understand many organizations are still in the transformation stage for many legacy applications. Further information on this setting can be found here.

 

Enhanced Security Mode configuration for Intranet zone sites (Consider)

This setting complements a setting we released in Microsoft Edge, version 98 (Microsoft Edge\Enhance the security state of Microsoft Edge). We still encourage you to test this setting and with the addition of this new Intranet Zone opt-out setting, enterprises now have the granular ability to opt-out Intranet sites making the feature (Enhanced Security Mode) easier to adopt. Further information on this setting can be found here.

 

Force WebSQL to be enabled (Disable)

WebSQL is a deprecated, non-standard, legacy feature that is destined to be removed from the web platform. The security baseline has explicitly disabled this policy setting; enterprises should plan to update any legacy applications that depend upon WebSQL. Further information on this setting can be found here.

 

Microsoft Edge version 107 introduced 12 new computer settings and 11 new user settings. We have included a spreadsheet listing the new settings in the release to make it easier for you to find them.

 

As a friendly reminder, all available settings for Microsoft Edge are documented here, and all available settings for Microsoft Edge Update are documented here.

 

Please continue to give us feedback through the Security Baseline Community or this post.

Published Nov 17, 2022
Version 1.0

8 Comments

  • Brett__  we only attach the delta spreadsheet to the blog when there is no new release of the baseline, when we have a new security baseline release the deltas are contained within the package on the download center.  We also do expire the old packages once a new one is released as the latest is always the most authoritative.

  • Brett__'s avatar
    Brett__
    Copper Contributor

    Rick_Munck - Is "the package" the "microsoft security compliance toolkit"?  There don't appear to be historical versions of that; it's same download ID linked from every baseline blog, with content updated each time.  Currently contains the v111-v112 differences spreadsheet. Please link me elsewhere if I've lost the plot. 🙂

     

    I've noticed the singular toolkit bundle methodology since I started reading these blogs, and historically have simply taken the difference-spreadsheet directly from the blog itself, however v107's attachment was omitted. (Also missing from v112's too I see, but I've already grabbed that from the latest security compliance toolkit bundle.)

  • Brett__'s avatar
    Brett__
    Copper Contributor

    Where is the "MSFT Edge v106 to v107 New Settings.xlsx" attachment/link.

  • Manuel Siegert 

    I have confirmed with the security baselines PM for Intune the following:

     

    We are planning to release the updated Intune Edge baseline in late Q1/early Q2 of '23 with the other updated security baselines to follow shortly. The delays in the Edge baseline + other security baselines were attributed to one-time internal dependency that currently has a fix that is soon to be deployed. We will be back on our regular release schedule next year, so we do not anticipate this being a reoccurring issue where there is a large amount of time between the initial "product" Security Baseline release & the Intune release. We truly apologize for how long it has taken us to solve for these delays, but you will be seeing more information soon regarding the upcoming release of the new security baselines.