Security baseline for Microsoft Edge, version 89

Published 03-04-2021 02:24 PM 4,811 Views
Microsoft

We are pleased to announce the enterprise-ready release of the security baseline for Microsoft Edge, version 89!

 

We have reviewed the new settings in Microsoft Edge version 89 and determined that there are no additional security settings that require enforcement. The settings from the Microsoft Edge version 88 package continues to be our recommended baseline. That baseline package can be downloaded from the Microsoft Security Compliance Toolkit.

 

Microsoft Edge version 89 introduced 8 new computer settings, 8 new user settings. We have attached a spreadsheet listing the new settings to make it easier for you to find them.

 

As a friendly reminder, all available settings for Microsoft Edge are documented here, and all available settings for Microsoft Edge Update are documented here.

 

Please continue to give us feedback through the Security Baselines Discussion site or this post.

5 Comments
Senior Member

I've been doing battle with a recommendation in the baseline that doesn't have an override for trusted sites.

The baseline recommends "Configure Microsoft Defender SmartScreen to block potentially unwanted apps" set to Enabled, as well as the settings so it can't be bypassed.

I was trying to download an executable for a vendor that was getting blocked by the SmartScreen download policy. I added the download URL to "Configure the list of domains for which Microsoft SmartScreen won't trigger warnings" but that did not allow the download to continue. 

 

Currently the workaround is 'use Chrome' but is there a way to allow a specific domain/URL to bypass the SmartScreen download block?

Microsoft

@GavinHW sorry just now seeing your post.  Are you running Microsoft Defender for Enterprise (formally MDATP) by chance.  The above setting you mention should allow the download.  Also are you sure the actual download is coming from the same domain and not hosted in a content distribution farm?

Visitor

Could someone please explain why the title says Edge 89, but when I try to download the file, it downloads Edge 88?

I see the attached doc on the website. Should I just add those reg keys if needed?

 

Thanks!

Microsoft

@sebv1415 version 89 had no new security settings, therefor the version 88 security baseline is still current (which is what is on the Download Center).  What is attached to this blog are the net new settings that are available in version 89 to make it easier for IT Pros to find them.

Visitor

Hello,

 

Since adding the Edge Baseline.. I am no longer able to access my wireless controller most likely due to the authetication.

 

The site I navigate to is - http://IP.address

 

When I try to navigate to my WLC's GUI, I get the following error once I attempt to log in...

401 Unauthorized<script language="javascript">var agt=navigator.userAgent.toLowerCase();if (agt.indexOf("msie") != -1) {document.execCommand("ClearAuthenticationCache");top.location = "/";}</script>

 Does anyone know what settings need to be changed to allow log-ins?

I have tried a few and have not been able to get the login prompt.

 

Thanks

%3CLINGO-SUB%20id%3D%22lingo-sub-2186265%22%20slang%3D%22en-US%22%3ESecurity%20baseline%20for%20Microsoft%20Edge%2C%20version%2089%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2186265%22%20slang%3D%22en-US%22%3E%3CP%3EWe%20are%20pleased%20to%20announce%20the%20enterprise-ready%20release%20of%20the%20security%20baseline%20for%20Microsoft%20Edge%2C%20version%2089!%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EWe%20have%20reviewed%20the%20new%20settings%20in%20Microsoft%20Edge%20version%2089%20and%20determined%20that%20there%20are%20no%20additional%20security%20settings%20that%20require%20enforcement.%20The%20settings%20from%20the%20Microsoft%20Edge%20version%2088%20package%20continues%20to%20be%20our%20recommended%20baseline.%20That%20baseline%20package%20can%20be%20downloaded%20from%20the%20%3CA%20href%3D%22https%3A%2F%2Fwww.microsoft.com%2Fdownload%2Fdetails.aspx%3Fid%3D55319%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3EMicrosoft%20Security%20Compliance%20Toolkit%3C%2FA%3E%3CSPAN%3E.%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EMicrosoft%20Edge%20version%2089%20introduced%208%20new%20computer%20settings%2C%208%20new%20user%20settings.%20We%20have%20attached%20a%20spreadsheet%20listing%20the%20new%20settings%20to%20make%20it%20easier%20for%20you%20to%20find%20them.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EAs%20a%20friendly%20reminder%2C%20all%20available%20settings%20for%20Microsoft%20Edge%20are%20documented%20%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2FDeployEdge%2Fmicrosoft-edge-policies%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3Ehere%3C%2FA%3E%2C%20and%20all%20available%20settings%20for%20Microsoft%20Edge%20Update%20are%20documented%20%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2FDeployEdge%2Fmicrosoft-edge-update-policies%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3Ehere%3C%2FA%3E.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EPlease%20continue%20to%20give%20us%20feedback%20through%20the%20%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2FMicrosoft-Security-Baselines%2Fbd-p%2FSecurity-Baselines%22%20target%3D%22_blank%22%3ESecurity%20Baselines%20Discussion%20site%3C%2FA%3E%20or%20this%20post.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-TEASER%20id%3D%22lingo-teaser-2186265%22%20slang%3D%22en-US%22%3E%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22Edge%20v89.png%22%20style%3D%22width%3A%20999px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F261021i6826C34DE2ACA6C1%2Fimage-size%2Flarge%3Fv%3D1.0%26amp%3Bpx%3D999%22%20role%3D%22button%22%20title%3D%22Edge%20v89.png%22%20alt%3D%22Edge%20v89.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3EWe%20are%20pleased%20to%20announce%20the%20enterprise-ready%20release%20of%20the%20security%20baseline%20for%20Microsoft%20Edge%2C%20version%2089!%3C%2FP%3E%3C%2FLINGO-TEASER%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2188012%22%20slang%3D%22en-US%22%3ERe%3A%20Security%20baseline%20for%20Microsoft%20Edge%2C%20version%2089%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2188012%22%20slang%3D%22en-US%22%3E%3CP%3EI've%20been%20doing%20battle%20with%20a%20recommendation%20in%20the%20baseline%20that%20doesn't%20have%20an%20override%20for%20trusted%20sites.%3C%2FP%3E%3CP%3EThe%20baseline%20recommends%20%22Configure%20Microsoft%20Defender%20SmartScreen%20to%20block%20potentially%20unwanted%20apps%22%20set%20to%20Enabled%2C%20as%20well%20as%20the%20settings%20so%20it%20can't%20be%20bypassed.%3C%2FP%3E%3CP%3EI%20was%20trying%20to%20download%20an%20executable%20for%20a%20vendor%20that%20was%20getting%20blocked%20by%20the%20SmartScreen%20download%20policy.%20I%20added%20the%20download%20URL%20to%20%22Configure%20the%20list%20of%20domains%20for%20which%20Microsoft%20SmartScreen%20won't%20trigger%20warnings%22%20but%20that%20did%20not%20allow%20the%20download%20to%20continue.%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3ECurrently%20the%20workaround%20is%20'use%20Chrome'%20but%20is%20there%20a%20way%20to%20allow%20a%20specific%20domain%2FURL%20to%20bypass%20the%20SmartScreen%20download%20block%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2211268%22%20slang%3D%22en-US%22%3ERe%3A%20Security%20baseline%20for%20Microsoft%20Edge%2C%20version%2089%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2211268%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F943088%22%20target%3D%22_blank%22%3E%40GavinHW%3C%2FA%3E%26nbsp%3Bsorry%20just%20now%20seeing%20your%20post.%26nbsp%3B%20Are%20you%20running%20Microsoft%20Defender%20for%20Enterprise%20(formally%20MDATP)%20by%20chance.%26nbsp%3B%20The%20above%20setting%20you%20mention%20should%20allow%20the%20download.%26nbsp%3B%20Also%20are%20you%20sure%20the%20actual%20download%20is%20coming%20from%20the%20same%20domain%20and%20not%20hosted%20in%20a%20content%20distribution%20farm%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2245056%22%20slang%3D%22en-US%22%3ERe%3A%20Security%20baseline%20for%20Microsoft%20Edge%2C%20version%2089%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2245056%22%20slang%3D%22en-US%22%3E%3CP%3ECould%20someone%20please%20explain%20why%20the%20title%20says%20Edge%2089%2C%20but%20when%20I%20try%20to%20download%20the%20file%2C%20it%20downloads%20Edge%2088%3F%3C%2FP%3E%3CP%3EI%20see%20the%20attached%20doc%20on%20the%20website.%20Should%20I%20just%20add%20those%20reg%20keys%20if%20needed%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThanks!%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2245426%22%20slang%3D%22en-US%22%3ERe%3A%20Security%20baseline%20for%20Microsoft%20Edge%2C%20version%2089%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2245426%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F896698%22%20target%3D%22_blank%22%3E%40sebv1415%3C%2FA%3E%26nbsp%3Bversion%2089%20had%20no%20new%20security%20settings%2C%20therefor%20the%20version%2088%20security%20baseline%20is%20still%20current%20(which%20is%20what%20is%20on%20the%20Download%20Center).%26nbsp%3B%20What%20is%20attached%20to%20this%20blog%20are%20the%20net%20new%20settings%20that%20are%20available%20in%20version%2089%20to%20make%20it%20easier%20for%20IT%20Pros%20to%20find%20them.%3C%2FP%3E%3C%2FLINGO-BODY%3E
Co-Authors
Version history
Last update:
‎Mar 04 2021 02:24 PM
Updated by: