"Never save password websites" group policy needed

%3CLINGO-SUB%20id%3D%22lingo-sub-1327731%22%20slang%3D%22en-US%22%3E%22Never%20save%20password%20websites%22%20group%20policy%20needed%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1327731%22%20slang%3D%22en-US%22%3E%3CP%3EWe%20just%20deployed%20Edge%20to%201000%2B%20devices%20in%20our%20organization%20but%20have%20discovered%20unwanted%20save%20password%20suggestions%20from%20the%20Password%20Manager.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EWhen%20users%20access%20an%20internal%20webpage%20that%20uses%20some%20kind%20of%20integrated%20windows%20authentication%2FSSO%2FNTLM%2FKerberos%20etc.%20meaning%20the%20user%20is%20not%20prompted%20for%20a%20username%20and%20password%20-%20the%20password%20manager%20still%20suggests%20to%20save%20the%20username%20and%20password!%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThere%20could%20be%20many%20other%20scenarios%20in%20an%20enterprise%20where%20you%20do%20not%20wish%20passwords%20on%20certain%20internal%20(or%20external)%20websites%20to%20be%20saved%2C%20but%20allow%20it%20for%20others.%3CBR%20%2F%3E%3CBR%20%2F%3EIt%20looks%20like%20Edge%20automatically%20populates%20a%20list%20of%20websites%20or%20URL's%20where%20passwords%20are%20%22never%20saved%22%20and%20when%20a%20website%20is%20on%20that%20list%20Edge%20doesn't%20prompt%20if%20the%20user%20want%20to%20save%20the%20password.%3CBR%20%2F%3EIt%20would%20be%20very%20useful%20for%20an%20enterprise%20to%20have%20a%20Group%20Policy%20where%20we%20could%20prepopulate%20this%20list%20with%20websites%20we%20do%20not%20want%20the%20browser%20to%20save%20passwords%20for.%3CBR%20%2F%3E%3CBR%20%2F%3EThe%20browser%20should%20of%20course%20still%20fill%20websites%20on%20this%20list%20that%20the%20user%20clicks%20%22Never%22%20to%20save%2C%20but%20so%20that%20the%20list%20could%20consist%20of%20both%20websites%20populated%20from%20the%20group%20policy%20and%20websites%20added%20by%20the%20user.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-1327731%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3Efeature_request%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3Egpo%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3Egroup_policy%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3Enever_save%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3Epassword%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3Epassword_manager%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1349069%22%20slang%3D%22en-US%22%3ERe%3A%20%22Never%20save%20password%20websites%22%20group%20policy%20needed%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1349069%22%20slang%3D%22en-US%22%3ECorrect%2C%20enterprises%20may%20have%20web%20pages%20with%20more%20sensitive%20data%20where%20they%20do%20not%20want%20passwords%20saved.%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1349076%22%20slang%3D%22en-US%22%3ERe%3A%20%22Never%20save%20password%20websites%22%20group%20policy%20needed%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1349076%22%20slang%3D%22en-US%22%3E%3CP%3EThis%20could%20actually%20be%20split%20into%20two%20seperate%20posts%2Fissues.%3CBR%20%2F%3E%3CBR%20%2F%3E1.%20Why%20does%20Edge's%20Password%20Manager%20suggest%20to%20save%20the%20password%20of%20a%20website%20that%20uses%20SSO%2C%20and%20where%20the%20user%20does%20not%20input%20a%20username%20and%20password%3F%20That%20must%20be%20a%20bug.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E2.%20Implement%20a%20group%20policy%20where%20enterprises%20can%20prepopulate%20the%20list%20of%20websites%20they%20do%20not%20wish%20passwords%20saved%20for.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1360104%22%20slang%3D%22en-US%22%3ERe%3A%20%22Never%20save%20password%20websites%22%20group%20policy%20needed%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1360104%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F386193%22%20target%3D%22_blank%22%3E%40ToMMeR%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20have%20the%20following%20disabled%20and%20have%20never%20been%20prompted%20to%20save%20a%20password.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CH3%20id%3D%22toc-hId-1140870324%22%20id%3D%22toc-hId-1140870324%22%20id%3D%22toc-hId-1140870324%22%20id%3D%22toc-hId-1140870255%22%3EPasswordManagerEnabled%3C%2FH3%3E%3CH4%20id%3D%22toc-hId-1831431798%22%20id%3D%22toc-hId-1831431798%22%20id%3D%22toc-hId-1831431798%22%20id%3D%22toc-hId-1831431729%22%3EEnable%20saving%20passwords%20to%20the%20password%20manager%3C%2FH4%3E%3CP%3E%3CSPAN%3ESupported%20Versions%3A%20Microsoft%20Edge%20on%20Windows%20and%20Mac%20since%20version%2077%20or%20later%3C%2FSPAN%3E%3C%2FP%3E%3CH5%20id%3D%22toc-hId--1772974024%22%20id%3D%22toc-hId--1772974024%22%20id%3D%22toc-hId--1772974024%22%20id%3D%22toc-hId--1772974093%22%3EDescription%3C%2FH5%3E%3CP%3E%3CSPAN%3EEnable%20Microsoft%20Edge%20to%20save%20user%20passwords.%3C%2FSPAN%3E%3CBR%20%2F%3E%3CBR%20%2F%3E%3CSPAN%3EIf%20you%20enable%20this%20policy%2C%20users%20can%20save%20their%20passwords%20in%20Microsoft%20Edge.%20The%20next%20time%20they%20visit%20the%20site%2C%20Microsoft%20Edge%20will%20enter%20the%20password%20automatically.%3C%2FSPAN%3E%3CBR%20%2F%3E%3CBR%20%2F%3E%3CSPAN%3EIf%20you%20disable%20this%20policy%2C%20users%20can't%20save%20new%20passwords%2C%20but%20they%20can%20still%20use%20previously%20saved%20passwords.%3C%2FSPAN%3E%3CBR%20%2F%3E%3CBR%20%2F%3E%3CSPAN%3EIf%20you%20enable%20or%20disable%20this%20policy%2C%20users%20can't%20change%20or%20override%20it%20in%20Microsoft%20Edge.%20If%20you%20don't%20configure%20it%2C%20users%20can%20save%20passwords%2C%20as%20well%20as%20turn%20this%20feature%20off.%3C%2FSPAN%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1360123%22%20slang%3D%22en-US%22%3ERe%3A%20%22Never%20save%20password%20websites%22%20group%20policy%20needed%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1360123%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F540308%22%20target%3D%22_blank%22%3E%40KrisNelson%3C%2FA%3E%26nbsp%3Bthe%20problem%20is%20that%20our%20users%20wish%20to%20use%20the%20password%20manager%20for%20some%20external%20websites.%20If%20use%20the%20policy%20you%20mentioned%20we%20completely%20disable%20the%20password%20manager%20so%20they%20cannot%20save%20new%20passwords.%3CBR%20%2F%3E%3CBR%20%2F%3EWe%20would%20like%20our%20users%20to%20actively%20use%20the%20password%20manager%2C%20but%20predefine%20certain%20internal%20websites%20where%20we%20do%20not%20wish%20the%20password%20saved.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1386241%22%20slang%3D%22en-US%22%3ERe%3A%20%22Never%20save%20password%20websites%22%20group%20policy%20needed%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1386241%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F386193%22%20target%3D%22_blank%22%3E%40ToMMeR%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EGood%20Suggestion%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EAgree%20on%20this...%3C%2FP%3E%3C%2FLINGO-BODY%3E
Contributor

We just deployed Edge to 1000+ devices in our organization but have discovered unwanted save password suggestions from the Password Manager.

 

When users access an internal webpage that uses some kind of integrated windows authentication/SSO/NTLM/Kerberos etc. meaning the user is not prompted for a username and password - the password manager still suggests to save the username and password!

 

There could be many other scenarios in an enterprise where you do not wish passwords on certain internal (or external) websites to be saved, but allow it for others.

It looks like Edge automatically populates a list of websites or URL's where passwords are "never saved" and when a website is on that list Edge doesn't prompt if the user want to save the password.
It would be very useful for an enterprise to have a Group Policy where we could prepopulate this list with websites we do not want the browser to save passwords for.

The browser should of course still fill websites on this list that the user clicks "Never" to save, but so that the list could consist of both websites populated from the group policy and websites added by the user.

5 Replies
Correct, enterprises may have web pages with more sensitive data where they do not want passwords saved.

This could actually be split into two seperate posts/issues.

1. Why does Edge's Password Manager suggest to save the password of a website that uses SSO, and where the user does not input a username and password? That must be a bug.

 

2. Implement a group policy where enterprises can prepopulate the list of websites they do not wish passwords saved for.

@ToMMeR 

 

I have the following disabled and have never been prompted to save a password.

 

PasswordManagerEnabled

Enable saving passwords to the password manager

Supported Versions: Microsoft Edge on Windows and Mac since version 77 or later

Description

Enable Microsoft Edge to save user passwords.

If you enable this policy, users can save their passwords in Microsoft Edge. The next time they visit the site, Microsoft Edge will enter the password automatically.

If you disable this policy, users can't save new passwords, but they can still use previously saved passwords.

If you enable or disable this policy, users can't change or override it in Microsoft Edge. If you don't configure it, users can save passwords, as well as turn this feature off.

@KrisNelson the problem is that our users wish to use the password manager for some external websites. If use the policy you mentioned we completely disable the password manager so they cannot save new passwords.

We would like our users to actively use the password manager, but predefine certain internal websites where we do not wish the password saved.

@ToMMeR 

 

Good Suggestion

 

Agree on this...