Blog Post

Microsoft Security Baselines Blog
2 MIN READ

Security baseline for Microsoft Edge version 128

Rick_Munck's avatar
Rick_Munck
Icon for Microsoft rankMicrosoft
Sep 05, 2024

 

We are pleased to announce the enterprise-ready release of the security baseline for Microsoft Edge version 128!

 

 

We have reviewed the settings in Microsoft Edge version 128 and updated our guidance with the addition of two settings and the removal of two settings. A new Microsoft Edge security baseline package was just released to the Download Center. You can download the new package from the Security Compliance Toolkit.

 

 

Dynamic Code Settings (Added)

 

This setting is part of our long-term strategy to prevent potentially-risky third-party code from interacting with the browser process by enabling Arbitrary Code Guard.  Any attempts from third-party software to inject into Edge after start-up will fail. Note: there could potentially be an application compatibility impact to this change for environments where 3rd-party code is used for accessibility or other purposes. It is recommended to test with a subset of users before broad deployment.

 

 

Enable Application Bound Encryption (Added)

 

InfoStealer attacks (ones that harvests sensitive data) are on the rise, this setting will pair the encryption from the local data storage directly to Microsoft Edge. By enforcing this setting, the enterprise protects against a malicious app trying to obtain the encryption keys.

 

 

The following settings have been removed due to deprecation:

 

Microsoft Edge\Enhance images enabled

 

Microsoft Edge\Force WebSQL to be enabled

 

 

Microsoft Edge version 128 introduces 7 new computer settings and 7 new user settings. We have included a spreadsheet listing the new settings in the release to make it easier for you to find them.

 

 

As a friendly reminder, all available settings for Microsoft Edge are documented here, and all available settings for Microsoft Edge Update are documented here.

 

 

Please continue to give us feedback through the Security Baseline Community or in comments on this post.

 

Updated Sep 05, 2024
Version 1.0
  • "Dynamic Code Settings: prevent the browser from creating dynamic code" prevents our users from printing to Ricoh printers. HP printers in our environment are uninfected.

  • Nygrens's avatar
    Nygrens
    Copper Contributor

    "Dynamic Code Settings: prevent the browser from creating dynamic code" and it also prevents our users from printing to our Konica Minolta printers and the Epson printers.

  • MZONDERLAND Thank you for your comment! The updated Intune baseline is currently in development and will be available in Intune with our 2411 release. The delay is due to our focus on ensuring the reliability and stability of the baselines within the Intune platform. Please keep an eye on the Intune What's New page for updates, as the baseline will be released in the coming months!

    • jhcdoc's avatar
      jhcdoc
      Copper Contributor

      Hi Julia - with the Intune 2411 release now live, is the Edge security baseline ready to upgrade from version 117? I'm not yet seeing this available yet within our tenant. Thanks!

  • MZONDERLAND we just turned over the baseline to the Intune team. I cannot say for certain their timeline but I know they are tracking the revision.

  • MichaelOliv's avatar
    MichaelOliv
    Iron Contributor

    Thanks.

    Do you have the spreadsheet with new settings please? I don't find it.

  • Vu1turE's avatar
    Vu1turE
    Copper Contributor

    Maybe it's me, but I'm not seeing the excel sheet on this one....