Thank you for sharing the details about the security review for Microsoft Edge version 124. It's reassuring to know that after the review, no additional security settings were deemed necessary for enforcement beyond the recommended configuration of version 117.

The inclusion of 14 new computer settings and 14 new user settings in version 124 is notable, and the provided spreadsheet will surely be helpful for users to navigate these changes effectively. The addition of configurable settings for Copilot is also an important update, especially considering organizational policies.

For further reference, the documentation for all available settings for Microsoft Edge and Microsoft Edge Update is appreciated. This ensures users have comprehensive resources to manage their browser configurations effectively.

Rick_Munck I followed the recommended Microsoft Edge version 117 security baseline, but I am getting an error message "Unknown policy" for WebSQLAccess, which is "Force WebSQL to be enabled". That setting is now showing as obsolete on the Edge policy page. Will that recommendation be adjusted in a future security baseline?

Hi Rick_Munck, given that both Chrome and Edge went all-in for Kyber key encapsulation in v124 and it's now enabled by default, is there a reason why there is not a recommendation to set PostQuantumKeyAgreementEnabled = 1 in the v124 baseline? Is it simply because the intent is to dispense with this policy, and so there will be no way to step-out from it?  Have I just answered my own question? 😉 

DM51673 correct, this setting is a temporary setting and will be removed in future versions of Microsoft Edge. You can enable it to test for issues and you can disable it while you resolve issues. We posted this as part of the release here: Microsoft Edge Browser Policy Documentation | Microsoft Learn

Additional details from the interwebs that might be helpful: Google Chrome's new post-quantum cryptography may break TLS connections (bleepingcomputer.com) and tldr.fail

ZGerber yes, once a new baseline is required, we will drop that setting and any others that are obsolete or deprecated.  

Hi,

In the Edge version 124.0.2478.51,file downloads from all internal http sites are affected. It giver an error stating that file can not be downloaded as it is not secure however it gives option to "Keep"  to continue download.

Found few article which states that it will be fixed via group policy "InsecureContentAllowedForUrls" but it did not work in our case.