We are pleased to announce the draft security baseline for the initial stable release of the new Microsoft Edge! Please review the security baseline (DRAFT) for Microsoft Edge version 79, and send us your feedback through the Baselines Discussion site.
What are security baselines?
Every organization faces security threats. However, the types of security threats that are of most concern to one organization can be completely different from another organization. For example, an e-commerce company may focus on protecting its Internet-facing web apps, while a hospital may focus on protecting confidential patient information. The one thing that all organizations have in common is a need to keep their apps and devices secure.
A security baseline is a group of Microsoft-recommended configuration settings that explains their security impact. These settings are based on feedback from Microsoft security engineering teams, product groups, partners, and customers.
Why are security baselines needed?
Security baselines are an essential benefit to your organization because they bring together expert knowledge from Microsoft, partners, and customers.
For example, there are 200+ Microsoft Edge Group Policy settings for Windows. Of these settings, only some are security-related. Although Microsoft provides extensive guidance on these policies, exploring each one can take a long time. You would have to determine the security impact of each setting on your own. Then, you would still need to determine the appropriate value for each setting.
In modern organizations, the security threat landscape is constantly evolving, and IT administrators and policy-makers must keep up with security threats and make required changes to Microsoft Edge security settings to help mitigate these threats. To enable faster deployments and make managing Microsoft Edge easier, Microsoft provides customers with security baselines that are available in consumable formats, such as Group Policy Objects backups.
Security baseline principles
As with our current Windows and Office security baselines, our recommendations for Microsoft Edge configuration follow a streamlined and efficient approach to baseline definition when compared with the baselines we published before Windows 10. The foundation of that approach is essentially this:
- The baselines are designed for well-managed, security-conscious organizations in which standard end users do not have administrative rights.
- A baseline enforces a setting only if it mitigates a contemporary security threat and does not cause operational issues that are worse than the risks they mitigate.
- A baseline enforces a default only if it is otherwise likely to be set to an insecure state by an authorized user:
- If a non-administrator can set an insecure state, enforce the default.
- If setting an insecure state requires administrative rights, enforce the default only if it is likely that a misinformed administrator will otherwise choose poorly.
(For further explanation, see the “Why aren’t we enforcing more defaults?” section in this blog post.)
How can you use security baselines?
You can use security baselines to:
- Ensure that user and device configuration settings are compliant with the baseline.
- Set configuration settings. For example, you can use Group Policy, System Center Configuration Manager, or Microsoft Intune to configure a device with the setting values specified in the baseline.
Download the security baselines
For version 78, see Security baseline (DRAFT) for Chromium-based Microsoft Edge, version 78.
For version 79, see Security baseline (DRAFT) for Chromium-based Microsoft Edge, version 79.
Learn about Microsoft Edge in the enterprise
Check out our Microsoft Edge enterprise documentation to learn more about deploying and managing the next version of Microsoft Edge.
– Forbes Higman, Program Manager, Microsoft Edge enterprise security
– Brian Altman, Program Manager, Microsoft Edge manageability