IE Mode "Not Secure" on some parts of intranet site

%3CLINGO-SUB%20id%3D%22lingo-sub-1931176%22%20slang%3D%22en-US%22%3EIE%20Mode%20%22Not%20Secure%22%20on%20some%20parts%20of%20intranet%20site%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1931176%22%20slang%3D%22en-US%22%3E%3CP%3EHello%2C%3CBR%20%2F%3EI'm%20trying%20to%20understand%20why%20Edge%20IE%20Mode%20is%20reporting%20that%20a%20new%20article%20on%20our%20SharePoint%20is%20%22Not%20Secure%22.%26nbsp%3B%3CBR%20%2F%3E%3CBR%20%2F%3EOpening%20the%20article%20under%20IE%2C%20Chrome%20or%20Edge%20(without%20IE%20Mode)%20doesn't%20give%20the%20error%20so%20only%20IE%20Mode%20think%20that%20something%20is%20wrong.%3CBR%20%2F%3E%3CBR%20%2F%3EThe%20only%20thing%20I%20see%20using%20Fiddler%20is%20a%20%22HTTP%2F1.1%20416%20Requested%20Range%20Not%20Satisfiable%22%20message%20about%20a%20video%20embedded%20in%20the%20page%2C%20could%20this%20be%20the%20issue%3F%3CBR%20%2F%3E%3CBR%20%2F%3EShould%20be%20nice%20to%20have%20a%20troubleshooting%20tool%20for%20IE%20Mode%20as%20we%20can't%20start%20the%20developer%20tools%26nbsp%3B%3CBR%20%2F%3E%3CBR%20%2F%3EGerald%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1932197%22%20slang%3D%22en-US%22%3ERe%3A%20IE%20Mode%20%22Not%20Secure%22%20on%20some%20parts%20of%20intranet%20site%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1932197%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F9090%22%20target%3D%22_blank%22%3E%40Gerald%20Mathieu%3C%2FA%3E%26nbsp%3BThanks%20for%20reaching%20out!%26nbsp%3B%20It%20sounds%20like%20you%20might%20be%20encountering%20a%20similar%20issue%20to%20something%20that%20was%20discussed%20here%20recently.%26nbsp%3B%20Would%20you%20be%20able%20to%20take%20a%20look%20at%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fenterprise%2Fie-mode-not-secure-for-internal-websites%2Fm-p%2F1720043%22%20target%3D%22_blank%22%20rel%3D%22noopener%22%3EIE%20Mode%20-%20Not%20Secure%20for%20internal%20websites%20-%20Microsoft%20Tech%20Community%3C%2FA%3E%3F%26nbsp%3B%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EAnother%20possibility%2C%20since%20you%20mentioned%20a%20video%20on%20the%20page%2C%20might%20be%20related%20to%20mixed%20content.%26nbsp%3B%20We%20had%20this%20policy%20which%20is%20now%20deprecated%3A%26nbsp%3B%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2FDeployEdge%2Fmicrosoft-edge-policies%23strictermixedcontenttreatmentenabled%22%20target%3D%22_self%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2FDeployEdge%2Fmicrosoft-edge-policies%23strictermixedcontenttreatmentenabled%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CEM%3E-Kelly%3C%2FEM%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1932427%22%20slang%3D%22en-US%22%3ERe%3A%20IE%20Mode%20%22Not%20Secure%22%20on%20some%20parts%20of%20intranet%20site%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1932427%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F757644%22%20target%3D%22_blank%22%3E%40Kelly_Y%3C%2FA%3E%26nbsp%3BI%20already%20tested%20the%20first%20link%20and%20it%20doesn't%20work%20with%20our%20issue.%3CBR%20%2F%3E%3CBR%20%2F%3EIf%20I%20understand%20correctly%20the%20explanation%2C%20this%20is%20used%20to%20hide%20the%20%22Not%20Secure%22%20message%20on%20websites%20that%20can't%20or%20don't%20use%20TLS.%3CBR%20%2F%3E%3CBR%20%2F%3EI%20don't%20want%20to%20hide%20it%2C%20I%20want%20to%20know%20why%20only%20IE%20mode%20report%20that%20this%20new%20article%20is%20%22Not%20Secure%22%20on%26nbsp%3B%20the%26nbsp%3BSharePoint%2C%20who%20is%20using%20TLS%20and%20has%20a%20valid%20certificate%20because%20it%20will%20happen%20again.%3CBR%20%2F%3E%3CBR%20%2F%3EMaybe%20something%20you%20can%20report%20to%20the%20PG%26nbsp%3B%20it%20that%20it's%20a%20bit%20disturbing%20to%20have%20your%20browser%20pretending%20that%20your%20site%20is%20not%20secure%20but%20when%20you%20click%20on%20the%20error%2C%20you%20see%20nothing%20that%20explain%20why%20you%20have%20this%20error.%26nbsp%3B%26nbsp%3B%3CBR%20%2F%3E%3CBR%20%2F%3E%3CBR%20%2F%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E
New Contributor

Hello,
I'm trying to understand why Edge IE Mode is reporting that a new article on our SharePoint is "Not Secure". 

Opening the article under IE, Chrome or Edge (without IE Mode) doesn't give the error so only IE Mode think that something is wrong.

The only thing I see using Fiddler is a "HTTP/1.1 416 Requested Range Not Satisfiable" message about a video embedded in the page, could this be the issue?

Should be nice to have a troubleshooting tool for IE Mode as we can't start the developer tools 

Gerald

5 Replies

@Gerald Mathieu Thanks for reaching out!  It sounds like you might be encountering a similar issue to something that was discussed here recently.  Would you be able to take a look at IE Mode - Not Secure for internal websites - Microsoft Tech Community?  

 

Another possibility, since you mentioned a video on the page, might be related to mixed content.  We had this policy which is now deprecated:  https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-policies#strictermixedcontenttreatmentena... 

 

-Kelly

@Kelly_Y I already tested the first link and it doesn't work with our issue.

If I understand correctly the explanation, this is used to hide the "Not Secure" message on websites that can't or don't use TLS.

I don't want to hide it, I want to know why only IE mode report that this new article is "Not Secure" on  the SharePoint, who is using TLS and has a valid certificate because it will happen again.

Maybe something you can report to the PG  it that it's a bit disturbing to have your browser pretending that your site is not secure but when you click on the error, you see nothing that explain why you have this error.  


When a end user see this, he don't understand why his intranet is not secure.

2020-11-26 09_16_37-Clipboard.png

We are in the middle of the migration from IE to Edge and it's not possible to promote a new Microsoft Browser if the built-in tools report errors we can't explain and that Chrome don't report.

It's hard to explain to an end user that it's because it's IE mode blablabla... The user don't care about technical issues, he just see an error and think this new browser is not reliable.

 

Gérald

 

I think I found the explanation. Using the debugging tools in Internet Explorer, I found this error, which is indeed linked to the video posted in the article:

2020-11-26 09_54_03-Clipboard.png

 

Why is IE Mode triggering a security issue if others browsers are ignoring it? 
It seems that IE mode is more strict than other browsers and this should be tuned.
The gpo can't be used here to hide the message because this is not Edge reporting the security issue but IE Mode.

Gérald 

@Gerald Mathieu Hi Gérald - Thanks for the feedback about this and the "Not Secure" message description.  I've reached out to the IE Mode team and will follow up with any insights/updates from them.  

 

-Kelly