We are pleased to announce the enterprise-ready release of the security baseline for Microsoft Edge, version 102!
We have reviewed the new settings in Microsoft Edge version 102 and determined that there are no additional security settings that require enforcement. The Microsoft Edge version 98 package continues to be our recommended baseline. That baseline package can be downloaded from the Microsoft Security Compliance Toolkit.
There are 2 settings we would like to call out, Enable the network service sandbox and List of origins that allow all HTTP authentication
Enable the network service sandbox (Consider Testing)
This policy controls whether the network service process runs sandboxed. Sandboxing of the network service will reduce security risks, however we are not ready to enforce this setting yet. In the future, sandboxing of the network service will be enabled by default and required by the security baseline, but for now please test turning the policy on and see if anything breaks in your environment, specifically in the application compatibility arena. If you experience any issues, please talk to your Antivirus/security-software vendor and mention this policy setting.
List of origins that allow all HTTP authentication (Worth Mentioning)
The last time we discussed HTTP authentication was with version 88. Since then, admins have asked for more granularity. With version 102, this policy provides a way for Enterprises to safely deploy an existing lockdown policy (AuthSchemes) to turn off legacy schemes (e.g. Basic and Digest) while still allowing the use of those legacy schemes on individually-listed websites. That means, for instance, and admin can now set a configuration of “My users cannot use ‘Basic’ auth except on https://crustyoldservicegettingreplacedsoon.contoso.intranet”. This wasn’t possible before—if you needed to allow a legacy auth scheme for any site, you had to allow it for every site.
Microsoft Edge version 102 introduced 7 new computer settings and 7 new user settings. We have included a spreadsheet listing the new settings in the release to make it easier for you to find them.
As a friendly reminder, all available settings for Microsoft Edge are documented here, and all available settings for Microsoft Edge Update are documented here.