We are pleased to announce the enterprise-ready release of the security baseline for Microsoft Edge, version 103!
We have reviewed the new settings in Microsoft Edge version 103 and determined that there are no additional security settings that require enforcement. The Microsoft Edge version 98 package continues to be our recommended baseline. That baseline package can be downloaded from the Microsoft Security Compliance Toolkit.
However, there is 1 setting we would like to call out, Origin-keyed agent clustering enabled by default.
Origin-keyed agent clustering enabled by default (Consider Testing)
Historically, JavaScript could adjust the document.domain property to relax Same-Origin-Policy and allow content from different subdomains of a site to interact. This new setting will prohibit that ability and starting in version 106 will be enabled by default. We highly encourage customers to begin compatibility testing now with this setting to account for this upcoming change. In the future, the security baseline will also enforce the setting. Additional details on this setting can be found in this article.
Microsoft Edge version 103 introduced 4 new computer settings and 4 new user settings. We have included a spreadsheet listing the new settings in the release to make it easier for you to find them.
As a friendly reminder, all available settings for Microsoft Edge are documented here, and all available settings for Microsoft Edge Update are documented here.
Please continue to give us feedback through the Security Baselines Discussion site or this post.
