SOLVED

Security baseline - edge

Copper Contributor

Hi pls exist list with security recommendation  ? I know exist, Microsoft Security Compliance Toolkit, but our vendor want some URL from M$ where is information about NativeMessaging. We want set Allow user-level native messaging hosts (installed without admin permissions): Disabled, but nativecomponent from vendor not want create instaler  to HKLM.... Thanx 

7 Replies

 

Thank you.
I look but there is not information about native messaging. I know i can download toolkit and look to this, but vendor want direct information in the Microsoft pages

 

Hi @Marek_G,

there is also a security benchmark for Microsoft Edge published by CIS (Center for Internet Security).

 

Regarding the native messaging, this is a good read: https://textslashplain.com/2020/09/04/web-to-app-communication-the-native-messaging-api/

Maybe you also want check resources from Google since native messaging is a feature of chromium.

 

Best regards

Joe

Yeah that is the official website of Microsoft employee working on Edge
"ericlaw"

 

https://anthonyhaakit.wordpress.com/2020/01/21/recommended-enterprise-gpos-for-microsoft-edge-chromi...

this link i send vendor. But answer vendor ? "I do not know these sites and I need to see specific and relevant information from a credible source "

I want only disable user level nativemessaging level......

thanx all for answer

 

@Johannes Goerlich 

best response confirmed by Marek_G (Copper Contributor)
Solution

Confirming that the link shared by @HotCakeX (https://textslashplain.com/2020/09/04/web-to-app-communication-the-native-messaging-api/) is a blog by a Microsoft Edge Principal Program Manager (Eric Lawrence / Ericlaw). He often releases blogs to fill gaps in official documentation and is a trusted source for Microsoft information.

 

1 best response

Accepted Solutions
best response confirmed by Marek_G (Copper Contributor)
Solution

Confirming that the link shared by @HotCakeX (https://textslashplain.com/2020/09/04/web-to-app-communication-the-native-messaging-api/) is a blog by a Microsoft Edge Principal Program Manager (Eric Lawrence / Ericlaw). He often releases blogs to fill gaps in official documentation and is a trusted source for Microsoft information.

 

View solution in original post