Nov 25 2020 07:02 AM
Hello,
I'm trying to understand why Edge IE Mode is reporting that a new article on our SharePoint is "Not Secure".
Opening the article under IE, Chrome or Edge (without IE Mode) doesn't give the error so only IE Mode think that something is wrong.
The only thing I see using Fiddler is a "HTTP/1.1 416 Requested Range Not Satisfiable" message about a video embedded in the page, could this be the issue?
Should be nice to have a troubleshooting tool for IE Mode as we can't start the developer tools
Gerald
Nov 25 2020 11:58 AM
@Gerald_Mathieu Thanks for reaching out! It sounds like you might be encountering a similar issue to something that was discussed here recently. Would you be able to take a look at IE Mode - Not Secure for internal websites - Microsoft Tech Community?
Another possibility, since you mentioned a video on the page, might be related to mixed content. We had this policy which is now deprecated: https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-policies#strictermixedcontenttreatmentena...
-Kelly
Nov 25 2020 01:25 PM - edited Nov 25 2020 01:27 PM
@Kelly_Y I already tested the first link and it doesn't work with our issue.
If I understand correctly the explanation, this is used to hide the "Not Secure" message on websites that can't or don't use TLS.
I don't want to hide it, I want to know why only IE mode report that this new article is "Not Secure" on the SharePoint, who is using TLS and has a valid certificate because it will happen again.
Maybe something you can report to the PG it that it's a bit disturbing to have your browser pretending that your site is not secure but when you click on the error, you see nothing that explain why you have this error.
Nov 26 2020 12:29 AM
When a end user see this, he don't understand why his intranet is not secure.
We are in the middle of the migration from IE to Edge and it's not possible to promote a new Microsoft Browser if the built-in tools report errors we can't explain and that Chrome don't report.
It's hard to explain to an end user that it's because it's IE mode blablabla... The user don't care about technical issues, he just see an error and think this new browser is not reliable.
Gérald
Nov 26 2020 01:00 AM
I think I found the explanation. Using the debugging tools in Internet Explorer, I found this error, which is indeed linked to the video posted in the article:
Why is IE Mode triggering a security issue if others browsers are ignoring it?
It seems that IE mode is more strict than other browsers and this should be tuned.
The gpo can't be used here to hide the message because this is not Edge reporting the security issue but IE Mode.
Gérald
Nov 30 2020 01:50 PM
@Gerald_Mathieu Hi Gérald - Thanks for the feedback about this and the "Not Secure" message description. I've reached out to the IE Mode team and will follow up with any insights/updates from them.
-Kelly
Feb 22 2021 05:12 AM
Mar 01 2021 11:30 AM
I also have this issue. How do i get rid of the Not Secure. Main concern is our MS SharePoint Intranet site
Mar 01 2021 02:14 PM
@licensing287 @Bayram_Bostanci Hello! Just to confirm, are you both experiencing the "Not Secure" message on your internal SharePoint sites? Like the original post, does the SharePoint have a link to a video on a file:// URLs?
Thanks!
-Kelly
Mar 03 2021 12:59 AM
Hi @Kelly_Y
One of my customer has the same problem.
When can we expect an official fix from Microsoft?
My client urgently needs to replace Internet Explorer, but cannot do it, because MS Edge classifies its intranet site as insecure, despite a valid wildcard certificate.
Best,
Lucas
Aug 05 2021 02:40 PM - edited Aug 05 2021 02:44 PM
@Kelly_Y
We have the same issue. Our web application (silverlight based) runs fine on IE. When we run it on Edge (in IE mode), the address bar always shows Not Secure (and no reason is provided if I drill into that). The application still works fine. NOTE that the url in my case is a valid production endpoint with a valid server certificate that's returned (zone shown is: internet)
When running on IE, and checking into devtools > console, I see this (that seems to be a link to the silverlight install image )
SEC7111: HTTPS security is compromised by http://go.microsoft.com/fwlink/?LinkId=161376
Aug 05 2021 03:34 PM
@sundarpn @lmagoni Hello! I'm not sure if you folks are experiencing the same thing but it could be related to how the browser reacts when "Passive Mixed content" (HTTP-served images, for example) appears within a secure, HTTPS-served page.
Do you have HTTP content on your pages?
-Kelly
Sep 23 2021 07:13 AM
If you are running a Silverlight app in Edge IE mode, make sure the http: references on your home page are changed to https:. The default links to the Silverlight support pages are http: