%3CLINGO-SUB%20id%3D%22lingo-sub-1417634%22%20slang%3D%22en-US%22%3ESecurity%20baseline%20for%20Microsoft%20Edge%20v83%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1417634%22%20slang%3D%22en-US%22%3E%3CP%3EMicrosoft%20is%20pleased%20to%20announce%20the%20enterprise-ready%20release%20of%20the%20security%20baseline%20for%20v83%20of%20Microsoft%20Edge.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EWe%20have%20reviewed%20the%20new%20settings%20in%20version%2083%20of%20Microsoft%20Edge%20and%20determined%20that%20no%20new%20security%20settings%20are%20required.%20The%20settings%20recommended%20in%20the%20version%2080%20baseline%20will%20continue%20to%20be%20the%20security%20baseline%20for%20version%2083!%20This%20means%20we%20will%20not%20be%20releasing%20our%20typical%20package.%20We%20continue%20to%20welcome%20feedback%20through%20the%20-ERR%3AREF-NOT-FOUND-Baselines%20Discussion%20site.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EVersion%2083%20of%20Microsoft%20Edge%20adds%2019%20new%20computer-%20and%20user-based%20settings.%20There%20are%20now%20311%20enforceable%20Computer%20Configuration%20policy%20settings%20and%20286%20User%20Configuration%20policy%20settings.%20Using%20our%20streamlined%20approach%2C%20our%20baseline%20remains%20at%20%3CSTRONG%3E12%3C%2FSTRONG%3E%20Group%20Policy%20settings.%20We%20have%20attached%20a%20spreadsheet%20with%20the%20new%20settings%20to%20make%20it%20easier%20for%20you%20to%20find%20them.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EThe%20version%2080%20package%20continues%20to%20be%20available%20as%20part%20of%20the%20-ERR%3AREF-NOT-FOUND-Security%20Compliance%20Toolkit.%20Like%20all%20our%20baseline%20packages%2C%20this%20package%20includes%3A%3C%2FP%3E%0A%3CUL%3E%0A%3CLI%3EImportable%20GPOs%3C%2FLI%3E%0A%3CLI%3EA%20script%20to%20apply%20the%20GPOs%20to%20local%20policy%3C%2FLI%3E%0A%3CLI%3EA%20script%20to%20import%20the%20GPOs%20into%20Active%20Directory%20Group%20Policy%3C%2FLI%3E%0A%3CLI%3EA%20spreadsheet%20documenting%20all%20recommended%20settings%20in%20spreadsheet%20form%20(minus%20the%20version%2083%20settings%20that%20are%20attached%20to%20this%20blog)%3C%2FLI%3E%0A%3CLI%3EPolicy%20Analyzer%20rules%3C%2FLI%3E%0A%3CLI%3EGP%20Reports%3C%2FLI%3E%0A%3C%2FUL%3E%0A%3CP%3EIn%20case%20you%20aren%E2%80%99t%20aware%2C%20all%20the%20available%20settings%20for%20Microsoft%20Edge%20are%20documented%20%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2FDeployEdge%2Fmicrosoft-edge-policies%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehere%3C%2FA%3E.%26nbsp%3B%20Additionally%2C%20Microsoft%20Edge%20Update%20settings%20are%20documented%20%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2FDeployEdge%2Fmicrosoft-edge-update-policies%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehere%3C%2FA%3E.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EOne%20ask%20to%20the%20community%2C%20we%20are%20trying%20to%20determine%20how%20often%20we%20should%20update%20the%20baseline%20package%20on%20the%20Download%20Center%20for%20Microsoft%20Edge%20if%20new%20security%20settings%20have%20not%20been%20added%20and%20would%20like%20your%20feedback.%26nbsp%3B%20Do%20you%20think%20we%20should%20update%20it%20quarterly%2C%20just%20to%20keep%20it%20fresh%2C%20or%20only%20when%20new%20settings%20get%20added%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-TEASER%20id%3D%22lingo-teaser-1417634%22%20slang%3D%22en-US%22%3E%3CP%3EMicrosoft%20is%20pleased%20to%20announce%20the%20enterprise-ready%20release%20of%20the%20security%20baseline%20for%20v83%20of%20Microsoft%20Edge.%3C%2FP%3E%3C%2FLINGO-TEASER%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1418093%22%20slang%3D%22en-US%22%3ERe%3A%20Security%20baseline%20for%20Microsoft%20Edge%20v83%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1418093%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F272514%22%20target%3D%22_blank%22%3E%40Rick_Munck%3C%2FA%3E%26nbsp%3BThanks%20very%20much.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1418244%22%20slang%3D%22en-US%22%3ERe%3A%20Security%20baseline%20for%20Microsoft%20Edge%20v83%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1418244%22%20slang%3D%22en-US%22%3E%3CP%3ECool%20and%20thank%20you%20for%20sharing%2C%20it%20is%20very%20essentials%20for%20companies%20since%20browser%20plays%20key%20role%20in%20their%20day%20to%20day%20tasks.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1431007%22%20slang%3D%22en-US%22%3ERe%3A%20Security%20baseline%20for%20Microsoft%20Edge%20v83%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1431007%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F272514%22%20target%3D%22_blank%22%3E%40Rick_Munck%3C%2FA%3E%3A%20Could%20you%20let%20me%20know%20if%20any%20tentative%20timelines%20when%20Edgev83%20Security%20Baseline%20%2F%20Security%20Compliance%20Toolkit%20would%20be%20released%20and%20for%20Windows%2010%202004%20as%20well.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1431319%22%20slang%3D%22en-US%22%3ERe%3A%20Security%20baseline%20for%20Microsoft%20Edge%20v83%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1431319%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F685428%22%20target%3D%22_blank%22%3E%40SaiRG%3C%2FA%3E%26nbsp%3Bsorry%20not%20sure%20I%20understand%20the%20question%20regarding%20Edge%20v83%2C%20can%20you%20please%20clarify.%26nbsp%3B%20As%20for%20v2004%20please%20see%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fmicrosoft-security-baselines%2Fsecurity-baseline-draft-windows-10-and-windows-server-version%2Fba-p%2F1419213%22%20target%3D%22_blank%22%3Ehttps%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fmicrosoft-security-baselines%2Fsecurity-baseline-draft-windows-10-and-windows-server-version%2Fba-p%2F1419213%3C%2FA%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1488559%22%20slang%3D%22en-US%22%3ERe%3A%20Security%20baseline%20for%20Microsoft%20Edge%20v83%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1488559%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F272514%22%20target%3D%22_blank%22%3E%40Rick_Munck%3C%2FA%3E%20is%20it%20possible%20to%20get%20the%20chromium%20edge%20v83%20baseline%20as%20a%20spreadsheet%20showing%20each%20policy%20with%20the%20recommended%2Fdefault%20setting%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1488728%22%20slang%3D%22en-US%22%3ERe%3A%20Security%20baseline%20for%20Microsoft%20Edge%20v83%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1488728%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F709949%22%20target%3D%22_blank%22%3E%40mike_oke%3C%2FA%3E%26nbsp%3Bthere%20have%20been%20no%20changes%20to%20the%20settings%20since%20version%2080.%26nbsp%3B%20We%20provide%20the%20delta%20sheets%20in%20v81%20-%20v83%20that%20can%20be%20merged%20in%20if%20you%20are%20looking%20for%20the%20total%20settings%20available%20list%20but%20since%20there%20hasn't%20been%20a%20need%20to%20regenerate%20the%20package%20we%20have%20maintained%20this%20approach.%26nbsp%3B%20We%20are%20however%20looking%20to%20possibly%20refresh%20the%20entire%20package%20with%20version%2085%2C%20regardless%20if%20there%20are%20new%20settings%20or%20not.%26nbsp%3B%20Will%20know%20more%20after%20we%20get%20v84%20out%20the%20door.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1497859%22%20slang%3D%22en-US%22%3ERe%3A%20Security%20baseline%20for%20Microsoft%20Edge%20v83%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1497859%22%20slang%3D%22en-US%22%3E%3CP%3EWhen%20you%20update%20the%20Windows%2010%20baseline%20every%206%20months%20-%20release%20this%20at%20the%20same%20time%3F%26nbsp%3B%20So%20update%20every%206%20months%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1498337%22%20slang%3D%22en-US%22%3ERe%3A%20Security%20baseline%20for%20Microsoft%20Edge%20v83%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1498337%22%20slang%3D%22en-US%22%3E%3CP%3EThanks%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F171365%22%20target%3D%22_blank%22%3E%40Jon%20Sabberton%3C%2FA%3E%26nbsp%3Bthat%20makes%20sense%20and%20I%20like%20that%20approach.%26nbsp%3B%20So%20if%20no%20new%20security%20settings%20are%20added%20in%20an%20Edge%20version%20we%20will%20hold%20on%20refreshing%20the%20package%20until%20the%20next%20Windows%20release.%26nbsp%3B%20Let%20me%20run%20with%20that%20and%20see%20if%20we%20get%20buy-in%20for%20that%20approach.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1503038%22%20slang%3D%22en-US%22%3ERe%3A%20Security%20baseline%20for%20Microsoft%20Edge%20v83%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1503038%22%20slang%3D%22en-US%22%3E%3CP%3EIve%20configured%20many%20policies%20but%20the%20one%20i%20do%20not%20see%20is%20the%20ability%20to%20%22set%20sync%20as%20mandatory%22%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20want%20to%20avoid%20users%20having%20the%20need%20to%20turn%20it%20on%20or%20off%20on%20first%20launch.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EE.g.%20i%20want%20them%20the%20GPO%20to%20skip%20this%20screen%20and%20turn%20%3CSTRONG%3EON%3C%2FSTRONG%3E%20by%20default%3A%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22Davidj840_0-1593708405828.png%22%20style%3D%22width%3A%20400px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Fgxcuf89792.i.lithium.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F202915iE2703857BAE97D62%2Fimage-size%2Fmedium%3Fv%3D1.0%26amp%3Bpx%3D400%22%20title%3D%22Davidj840_0-1593708405828.png%22%20alt%3D%22Davidj840_0-1593708405828.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%3CP%3EAny%20ideas%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1504726%22%20slang%3D%22en-US%22%3ERe%3A%20Security%20baseline%20for%20Microsoft%20Edge%20v83%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1504726%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F704489%22%20target%3D%22_blank%22%3E%40Davidj840%3C%2FA%3E%26nbsp%3BYou%20can%20configure%20sync%20using%20the%20guidance%20from%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fdeployedge%2Fmicrosoft-edge-policies%23hidefirstrunexperience%22%20target%3D%22_self%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3EMicrosoft%20Edge%20Browser%20Sync%20Settings%3C%2FA%3E%26nbsp%3B(The%20settings%20to%20hide%20the%20first%20run%20experience%20are%20managed%20in%20conjunction%20with%20the%20'HideFirstRunExperience'%20policy.)%20That%20will%20allow%20you%20to%20hide%20the%20'launch%20experience'%20for%20your%20users.%20(In%20testing%20it%20has%20worked%20great%20for%20me.)%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F272514%22%20target%3D%22_blank%22%3E%40Rick_Munck%3C%2FA%3E%26nbsp%3BUpdating%20it%20without%20any%20updates%20to%20the%20policies%20just%20makes%20work%20for%20AD%20teams%20and%20Security%20Operations%20Teams%20and%20ISSOs%20to%20review%20and%20manage%20for%20no%20benefit.%3C%2FP%3E%3CP%3E%3CBR%20%2F%3EThat%20being%20said%2C%20a%20reference%20link%20with%20the%20information%20and%20documenting%20the%20last%20update%20and%3CSPAN%3E%26nbsp%3Bpolicies%20with%20a%20%E2%80%9CThis%20covers%20the%20currently%20available%20configurations%20and%20recommendations%20for%20versions%20X%20to%20Y%20of%20Microsoft%20Edge%20and%20available%20Policies%20have%20not%20changed%20since%20version%20Z%E2%80%9D%20would%20be%20useful.%3C%2FSPAN%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1504752%22%20slang%3D%22en-US%22%3ERe%3A%20Security%20baseline%20for%20Microsoft%20Edge%20v83%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1504752%22%20slang%3D%22en-US%22%3E%3CP%3EMicrosoft%20Edge%20keeps%20improving%20and%20we%20need%20to%20observe%20%2C%20but%20we%20prefer%20to%20receive%20updates%20through%20update%20interface%20and%20like%20see%20a%20message%20that%20new%20update%20is%20available.%20It%20would%20be%20better%20to%20have%20an%20application%20for%20this%20and%20it%20gets%20update.%3C%2FP%3E%3CP%3EWe%20are%20also%20looking%20forward%20for%20more%20interactive%20discussion%20on%20Security%20baseline.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1505096%22%20slang%3D%22en-US%22%3ERe%3A%20Security%20baseline%20for%20Microsoft%20Edge%20v83%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1505096%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F314857%22%20target%3D%22_blank%22%3E%40TheOtherJosh%3C%2FA%3E%26nbsp%3Bthanks%20for%20this!%20Did%20you%20manage%20to%20get%20around%20the%20screen%20for%20whether%20the%20user%20wants%20to%20sync%20or%20not%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EId%20like%20to%20%22enforce%20sync%22%20so%20the%20user%20doesnt%20have%20a%20choice...%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22Davidj840_0-1594027387155.png%22%20style%3D%22width%3A%20400px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Fgxcuf89792.i.lithium.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F203471iAB0AA7EEB0FA9442%2Fimage-size%2Fmedium%3Fv%3D1.0%26amp%3Bpx%3D400%22%20title%3D%22Davidj840_0-1594027387155.png%22%20alt%3D%22Davidj840_0-1594027387155.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1505195%22%20slang%3D%22en-US%22%3ERe%3A%20Security%20baseline%20for%20Microsoft%20Edge%20v83%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1505195%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F314857%22%20target%3D%22_blank%22%3E%40TheOtherJosh%3C%2FA%3E%26nbsp%3Bwe%20definitely%20dont%20want%20to%20cause%20churn%20for%20the%20sake%20of%20it%20which%20is%20why%20we%20are%20cautious%20on%20how%20to%20approach%20updates%20to%20the%20Edge%20baseline.%26nbsp%3B%20We%20were%20hoping%20this%20blog%20would%20be%20sufficient%20when%20there%20are%20no%20changes%20but%20it%20might%20not%20be%20the%20case...%26nbsp%3B%20We%20will%20continue%20to%20chew%20on%20this%20feedback%20and%20try%20to%20come%20up%20with%20something.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F13441%22%20target%3D%22_blank%22%3E%40Reza%20Ameri%3C%2FA%3E%26nbsp%3Bwe%20will%20not%20be%20making%20this%20into%20an%20app%2C%20sorry.%26nbsp%3B%20We%20divested%20from%20the%20old%20SCM%20for%20many%20reasons%20(an%20app%20being%20one%20of%20them).%26nbsp%3B%20This%20framework%20provide%20us%20and%20other%20teams%20(recent%20examples%3A%20Windows%20Update%20and%20Telemetry)%20the%20ability%20to%20release%20quicker%20and%20with%20far%20less%20dependencies.%26nbsp%3B%20Down%20the%20road%20maybe%20you%20will%20see%20an%20updated%20website%20with%20some%20indicators%20but%20for%20now%20we%20have%20this%20framework.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1505297%22%20slang%3D%22en-US%22%3ERe%3A%20Security%20baseline%20for%20Microsoft%20Edge%20v83%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1505297%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F272514%22%20target%3D%22_blank%22%3E%40Rick_Munck%3C%2FA%3E%26nbsp%3Bwell%20I%20was%20actually%20referring%20to%20something%20similar%20to%20SCM%2C%20it%20was%20nice%20but%20as%20you%20said%20being%20app%2C%20we%20need%20to%20install%20it%20and%20it%20need%20SQL%20Server%20but%20with%20new%20download%2C%20it%20is%20quick%20and%20easy%20and%20could%20run%20on%20any%20device.%20However%2C%20it%20would%20have%20been%20nice%20if%20there%20was%20some%20sort%20of%20integrated%20app%20inside%20Windows%20Server%20or%20Configuration%20Manager%20and%20it%20gets%20regular%20updates.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1505490%22%20slang%3D%22en-US%22%3ERe%3A%20Security%20baseline%20for%20Microsoft%20Edge%20v83%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1505490%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F272514%22%20target%3D%22_blank%22%3E%40Rick_Munck%3C%2FA%3E%26nbsp%3Bcan%20we%20have%20a%20page%20on%20the%20technical%20documentation%20with%20a%20reference%20to%20the%20baselines%20recommendations%2C%20or%20a%20%E2%80%9Cthe%20baseline%20recommendations%20are%20located%20at%20this%20download%20link%20and%20there%20have%20been%20no%20changes%20to%20the%20recommendations%20since%20X%20version%E2%80%9D%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1505816%22%20slang%3D%22en-US%22%3ERe%3A%20Security%20baseline%20for%20Microsoft%20Edge%20v83%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1505816%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F314857%22%20target%3D%22_blank%22%3E%40TheOtherJosh%3C%2FA%3E%26nbsp%3Bwhat%20about%20at%20the%20bottom%20of%20this%20page%20(%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fwindows%2Fsecurity%2Fthreat-protection%2Fwindows-security-baselines%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fwindows%2Fsecurity%2Fthreat-protection%2Fwindows-security-baselines%3C%2FA%3E)%20for%20versioning%3F%26nbsp%3B%20Trying%20to%20keep%20it%20on%20a%20page%20we%20own%20so%20we%20don't%20have%20to%20cross%20teams...%26nbsp%3B%20Thoughts%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1526561%22%20slang%3D%22en-US%22%3ERe%3A%20Security%20baseline%20for%20Microsoft%20Edge%20v83%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1526561%22%20slang%3D%22en-US%22%3E%3CP%3EJust%20wondering%20if%20the%20location%20for%20the%20enterprise%20site%20mode%20list%20(IE%20mode)%20being%20located%20at%20an%20https%3A%2F%2F%20location%20will%20be%20included%20in%20the%20baseline%2C%20if%20indeed%20it's%20recommended%20this%20way%20due%20to%20security%3F%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E
Microsoft

Microsoft is pleased to announce the enterprise-ready release of the security baseline for v83 of Microsoft Edge.

 

We have reviewed the new settings in version 83 of Microsoft Edge and determined that no new security settings are required. The settings recommended in the version 80 baseline will continue to be the security baseline for version 83! This means we will not be releasing our typical package. We continue to welcome feedback through the Baselines Discussion site.

 

Version 83 of Microsoft Edge adds 19 new computer- and user-based settings. There are now 311 enforceable Computer Configuration policy settings and 286 User Configuration policy settings. Using our streamlined approach, our baseline remains at 12 Group Policy settings. We have attached a spreadsheet with the new settings to make it easier for you to find them.

 

The version 80 package continues to be available as part of the Security Compliance Toolkit. Like all our baseline packages, this package includes:

  • Importable GPOs
  • A script to apply the GPOs to local policy
  • A script to import the GPOs into Active Directory Group Policy
  • A spreadsheet documenting all recommended settings in spreadsheet form (minus the version 83 settings that are attached to this blog)
  • Policy Analyzer rules
  • GP Reports

In case you aren’t aware, all the available settings for Microsoft Edge are documented here.  Additionally, Microsoft Edge Update settings are documented here.

 

One ask to the community, we are trying to determine how often we should update the baseline package on the Download Center for Microsoft Edge if new security settings have not been added and would like your feedback.  Do you think we should update it quarterly, just to keep it fresh, or only when new settings get added?

17 Comments
New Contributor

@Rick_Munck Thanks very much.

Super Contributor

Cool and thank you for sharing, it is very essentials for companies since browser plays key role in their day to day tasks.

Occasional Visitor

@Rick_Munck: Could you let me know if any tentative timelines when Edgev83 Security Baseline / Security Compliance Toolkit would be released and for Windows 10 2004 as well.

Microsoft

@SaiRG sorry not sure I understand the question regarding Edge v83, can you please clarify.  As for v2004 please see https://techcommunity.microsoft.com/t5/microsoft-security-baselines/security-baseline-draft-windows-...

Occasional Visitor

@Rick_Munck is it possible to get the chromium edge v83 baseline as a spreadsheet showing each policy with the recommended/default setting?

Microsoft

@mike_oke there have been no changes to the settings since version 80.  We provide the delta sheets in v81 - v83 that can be merged in if you are looking for the total settings available list but since there hasn't been a need to regenerate the package we have maintained this approach.  We are however looking to possibly refresh the entire package with version 85, regardless if there are new settings or not.  Will know more after we get v84 out the door.

Microsoft

When you update the Windows 10 baseline every 6 months - release this at the same time?  So update every 6 months?

Microsoft

Thanks @Jon Sabberton that makes sense and I like that approach.  So if no new security settings are added in an Edge version we will hold on refreshing the package until the next Windows release.  Let me run with that and see if we get buy-in for that approach.

New Contributor

Ive configured many policies but the one i do not see is the ability to "set sync as mandatory"

 

I want to avoid users having the need to turn it on or off on first launch.

 

E.g. i want them the GPO to skip this screen and turn ON by default:

 

Davidj840_0-1593708405828.png

Any ideas?

 

Occasional Contributor

@Davidj840 You can configure sync using the guidance from Microsoft Edge Browser Sync Settings (The settings to hide the first run experience are managed in conjunction with the 'HideFirstRunExperience' policy.) That will allow you to hide the 'launch experience' for your users. (In testing it has worked great for me.)

 

@Rick_Munck Updating it without any updates to the policies just makes work for AD teams and Security Operations Teams and ISSOs to review and manage for no benefit.


That being said, a reference link with the information and documenting the last update and policies with a “This covers the currently available configurations and recommendations for versions X to Y of Microsoft Edge and available Policies have not changed since version Z” would be useful.

Super Contributor

Microsoft Edge keeps improving and we need to observe , but we prefer to receive updates through update interface and like see a message that new update is available. It would be better to have an application for this and it gets update.

We are also looking forward for more interactive discussion on Security baseline.

New Contributor

@TheOtherJosh thanks for this! Did you manage to get around the screen for whether the user wants to sync or not?

 

Id like to "enforce sync" so the user doesnt have a choice...

 

Davidj840_0-1594027387155.png

 

Microsoft

@TheOtherJosh we definitely dont want to cause churn for the sake of it which is why we are cautious on how to approach updates to the Edge baseline.  We were hoping this blog would be sufficient when there are no changes but it might not be the case...  We will continue to chew on this feedback and try to come up with something.

 

@Reza Ameri we will not be making this into an app, sorry.  We divested from the old SCM for many reasons (an app being one of them).  This framework provide us and other teams (recent examples: Windows Update and Telemetry) the ability to release quicker and with far less dependencies.  Down the road maybe you will see an updated website with some indicators but for now we have this framework.

Super Contributor

@Rick_Munck well I was actually referring to something similar to SCM, it was nice but as you said being app, we need to install it and it need SQL Server but with new download, it is quick and easy and could run on any device. However, it would have been nice if there was some sort of integrated app inside Windows Server or Configuration Manager and it gets regular updates.

Occasional Contributor

@Rick_Munck can we have a page on the technical documentation with a reference to the baselines recommendations, or a “the baseline recommendations are located at this download link and there have been no changes to the recommendations since X version”?

Microsoft

@TheOtherJosh what about at the bottom of this page (https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-security-baselines) for versioning?  Trying to keep it on a page we own so we don't have to cross teams...  Thoughts?

Contributor

Just wondering if the location for the enterprise site mode list (IE mode) being located at an https:// location will be included in the baseline, if indeed it's recommended this way due to security?