We are pleased to announce the enterprise-ready release of the security baseline for Microsoft Edge version 88!
We have reviewed the settings in Microsoft Edge version 88 and updated our guidance with the addition of one setting that we will explain below. A new Microsoft Edge security baseline package was just released to the Download Center. You can download the version 88 package from the Security Compliance Toolkit.
Basic Authentication
HTTP Basic Authentication is a non-secure authentication method that relies on sending the username and password to the server in plaintext (base64). When Basic Authentication is used over non-secure HTTP connections, the credentials can be trivially stolen by others on the network.
Basic Authentication for HTTP has been configurable since Internet Explorer 7. Until now, however, there wasn't a way to configure it for Microsoft Edge. With version 88 we now have that ability and are recommending the disablement of basic authentication over HTTP. Disabling Basic Authentication over HTTP falls in line with our other security baselines where we disable this method.
Microsoft Edge version 88 introduced 17 new computer settings and 17 new user settings. We have included a spreadsheet listing the new settings in the release to make it easier for you to find them.
As a friendly reminder, all available settings for Microsoft Edge are documented here, and all available settings for Microsoft Edge Update are documented here.
Please continue to give us feedback through the Security Baselines Discussion site or this post.
