We are pleased to announce the enterprise-ready release of the security baseline for Microsoft Edge, version 104!
We have reviewed the new settings in Microsoft Edge version 104 and determined that there are no additional security settings that require enforcement. The Microsoft Edge version 98 package continues to be our recommended baseline. That baseline package can be downloaded from the Microsoft Security Compliance Toolkit.
However, there is 1 setting we would like to call out, Configure browser process code integrity guard setting.
Configure browser process code integrity guard setting (Consider Testing)
First introduced with Edge in Windows 10 version 1511, code integrity guard requires DLLs to be Microsoft, Windows Store, or WHQL-signed. With this policy in place, it will now restrict the ability to load non-Microsoft signed binaries. By default, this setting is in Audit mode until such time as we have enough data to ensure the ecosystem is compatible. Once that occurs the baseline will move to Enabled. We highly encourage customers to begin compatibility testing with this setting to account for this upcoming change. Additional details on this setting can be found here.
Microsoft Edge version 104 introduced 12 new computer settings and 12 new user settings. We have included a spreadsheet listing the new settings in the release to make it easier for you to find them.
As a friendly reminder, all available settings for Microsoft Edge are documented here, and all available settings for Microsoft Edge Update are documented here.
Please continue to give us feedback through the Security Baselines Discussion site or this post.
