Hi. Let’s learn about Secure Microsoft Edge Browser using Intune Security Policies. This post will show you the easiest method to deploy Microsoft Edge browser policies. How do you deploy Microsoft Edge browser security policies for the latest version of Edge using Intune?
What is the best option, the Microsoft recommendation, and what is a community recommendation, etc? Security baseline and Edge version 112 are the 2 topics we will cover in this post. If you want to learn more about Intune security, We already have a video – Intune Security Baseline Decoded Easiest option to set up security policies for your organization.
This post will walk you through the streamlined process of deploying Microsoft Edge security policies to all your devices in just 2 minutes. By following the simple steps, you can ensure a robust and secure browsing experience across your organization.
Remember, prioritizing the security of your organization’s browsing environment is crucial in today’s threat landscape. By leveraging Microsoft Edge security policies and the power of Intune, you can fortify your defenses and protect against potential vulnerabilities.
- Intune Endpoint Security Policies Microsoft Endpoint Manager Updates
- Create Intune Settings Catalog Policy
What are Intune Security Policies?
In Intune, there are different methods to have security policies. It depends on the organization that you work for and the security team within your organization. To secure the managed devices, you need to apply the security policies to the devices.
1. There are various security standards followed by organizations.
2. Group policy settings are the most popular method to implement security policies.
3. More and more organizations are moving to Intune-based security policies to implement the security baseline
What is the Security Baseline for Microsoft Edge?
Use security baselines to apply Microsoft-recommended security configuration settings to your enrolled devices quickly. The customizable Templates are only for the Windows platform.
1. Microsoft Defender for Endpoint baseline
2. Microsoft Edge Baseline
3. Security Baseline for Windows 10 and later
4. Windows 365 Cloud PC security Baseline
What are the Options to Change or Update the Security Baseline Version?
There are options to update the security baseline, but if your existing Baseline is old, then it is impossible. There are options to review the version changes.
The updation of the Intune Baseline profile is required to remove the warning notifications.
At least one profile or policy is using a deprecated version. Microsoft recommends that you update all policies and profiles to the latest version.
What is the Reporting of Security Baseline Policies?
The reporting of security baseline policies are bit different. It is not using the latest reporting infrastructure in Intune.
1. Profile assignment status – Platform-supported devices
2. Profile assignment status – Platform support users
3. Device status
4. User status
5. Per settings status
What are the Gotchas/Catches when you Use Security Baseline Policies?
Intune Baseline Templates are not updated regularly. The settings catalog is the most up-to-date configuration available in Intune. Reporting of the Baseline profile is different.
1. Not allowed to change the Deprecated version of baseline profiles.
2. User Vs. Device-based policy deployment – Not flexible.
3. Intune Filter rules support.
Video – Secure Microsoft Edge Browser using Intune Security Policies
In this video, discuss Secure Microsoft Edge Browser using Intune Security Policies. The video also provides a demo section for deploying Microsoft Edge browser security policies in 2 minutes to all your devices.
Secure Microsoft Edge Browser using Intune Security Policies
Sign in to the Microsoft Intune admin center with your Intune administrator account. On the left side of Intune admin center, select endpoint security. Select Security Baselines from Endpoint Security.
The below window shows how to change the version of this old Microsoft Edge Baseline. There are 2 options: Accept baseline changes but keep my existing setting customizations and Accept baseline changes and discard existing setting customizations.
Note! – If you cannot find the desired security policies for Microsoft Edge in your test tenant, the baseline policies available may be outdated. In such cases, ensuring that your Intune environment is up-to-date to access the latest security policies is important.
- Select the baseline version, which we can upgrade to, and we don’t see any latest version in the drop-down; this is the first issue.
After selecting the security baseline to update to as Microsoft Edge baseline, choose a method to update the profile as Accept baseline changes but keep my existing setting customizations as shown in the below window.
- Select the Submit button from the Change Version window
The below window shows that the Baseline has been migrated, but the banner warning is not gone. Click on the security baseline for Microsoft Edge, and when I click the change version option, it shows the below message.
- “This profile requires a manual upgrade. To migrate this profile to the new version, you must create a new profile and reapply any custom settings and device assignments.”
- Click the Create button from the Change Version window
Create a Profile for Microsoft Edge Baseline
The below window helps you create a new Microsoft Edge baseline available in Intune portal, which will be updated on the 25th of May, 2023. Enter the Name as MS Edge Browser Security Policies. Enter the Description and platform.
- Click Next button
After clicking Next, the Configuration settings window will appear and show the options such as Allow configured sites to be reloaded in internet explorer mode, allow users to proceed from the HTTPS warning page, Enable browser legacy extension point blocking, etc.
Scope tags in Microsoft Intune provide administrators with a powerful tool to organize devices within their organization into logical groups or tags. These tags can be utilized to apply settings, policies, and applications selectively, tailoring them to specific users or devices.
- By leveraging scope tags, administrators gain granular control over the availability and enforcement of various configurations across their organization.
- Select Scope tags as Default.
In Microsoft Intune, granting access to an app involves assigning groups of users based on inclusion and exclusion criteria. However, it’s important to note that before posting groups to the app, you must establish the assignment type, determining how the app is made available to users.
The below Table shows the list of Security policies for Microsoft Edge Browser as per the latest updated Intune Security Baseline.
| Security policies for Microsoft Edge | Enable/Disable |
|---|---|
| Allow unconfigured sites to be reloaded in Internet Explorer mode | Disabled |
| Allow users to proceed from the HTTPS warning page | Disabled |
| Enable browser legacy extension point blocking | Enabled |
| Enable site isolation for every site | Enabled |
| Enhance images enabled | Disabled |
| Force WebSQL to be enabled | Disabled |
| Minimum TLS version enabled | Enabled |
| Minimum SSL version | Enabled |
| Show the Reload in Internet Explorer mode button in the toolbar | Disabled |
| Specifies whether SharedArrayBuffers can be used in a non cross-origin-isolated context | Disabled |
| Control which extensions cannot be installed ( Extensions) | Enabled |
| Supported authentication schemes | Enabled |
| Allow user-level native messaging hosts (installed without admin permissions) | Disabled |
| Enable saving passwords to the password manager | Disabled |
| Specifies whether to allow insecure websites to make requests to more-private network endpoints | Disabled |
| Configure Microsoft Defender SmartScreen | Enabled |
| Configure Microsoft Defender SmartScreen to block potentially unwanted apps | Enabled |
| Prevent bypassing Microsoft Defender SmartScreen prompts for sites | Enabled |
The Review + Create tab helps you show the summary of creating a new Microsoft Edge baseline. It includes the name, Description, platform, etc. Microsoft Edge security baseline is coming from the Microsoft product group, and this is the recommendation from the Microsoft product group.
- Click on Create to create this security baseline policy for the Microsoft Edge browser.
Now you can see Version 112 in the below screenshot. Let’s quickly check the latest version of Microsoft Edge and the version of the Baseline. The latest version is Version 113 in the Edge browser, and the security version in Intune is Version 112.
Author
About Author – Vidya is a computer enthusiast. She is here to share quick tips and tricks with Windows 11 or Windows 10 users. She loves writing on Windows 11 and related technologies. She is also keen to find solutions and write about day-to-day tech problems.