CIS Microsoft Edge L1 v1.0.1

Audit Details

Name: CIS Microsoft Edge L1 v1.0.1

Updated: 8/3/2022

Authority: CIS

Plugin: Windows

Revision: 1.0

Estimated Item Count: 62

File Details

Filename: CIS_Microsoft_Edge_v1.0.1_L1.audit

Size: 111 kB

MD5: 41612a5cba3dbf7e61c1c785d574d7dc
SHA256: 44174085c5678e34b670e152aceafd2f212fe608dcff672d1e0d48384a36f73d

Audit Items

DescriptionCategories
1.1.1 Ensure 'Ads setting for sites with intrusive ads' is set to 'Enabled: Block ads on sites with intrusive ads'

CONFIGURATION MANAGEMENT

1.1.2 Ensure 'Allow download restrictions' is set to 'Enabled: Block potentially dangerous downloads'

CONFIGURATION MANAGEMENT

1.1.4 Ensure 'Allow Google Cast to connect to Cast devices on all IP addresses' is set to 'Disabled'

SYSTEM AND INFORMATION INTEGRITY

1.1.5 Ensure 'Allow importing of autofill form data' is set to 'Disabled'

CONFIGURATION MANAGEMENT

1.1.6 Ensure 'Allow importing of browser settings' is set to 'Disabled'

CONFIGURATION MANAGEMENT

1.1.7 Ensure 'Allow importing of home page settings' is set to 'Disabled'

CONFIGURATION MANAGEMENT

1.1.8 Ensure 'Allow importing of payment info' is set to 'Disabled'

CONFIGURATION MANAGEMENT

1.1.9 Ensure 'Allow importing of saved passwords' is set to 'Disabled'

CONFIGURATION MANAGEMENT

1.1.10 Ensure 'Allow importing of search engine settings' is set to 'Disabled'

CONFIGURATION MANAGEMENT

1.1.11 Ensure 'Allow managed extensions to use the Enterprise Hardware Platform API' is set to 'Disabled'

CONFIGURATION MANAGEMENT

1.1.15 Ensure 'Allow personalization of ads search and news by sending browsing history to Microsoft' is set to 'Disabled'

CONFIGURATION MANAGEMENT

1.1.16 Ensure 'Allow queries to a Browser Network Time service' is set to 'Enabled'

AUDIT AND ACCOUNTABILITY

1.1.18 Ensure 'Allow the audio sandbox to run' is set to 'Enabled'

CONFIGURATION MANAGEMENT

1.1.19 Ensure 'Allow user feedback' is set to 'Disabled'

CONFIGURATION MANAGEMENT

1.1.23 Ensure 'Allow websites to query for available payment methods' is set to 'Disabled'

CONFIGURATION MANAGEMENT

1.1.24 Ensure 'Allows a page to show popups during its unloading' is set to 'Disabled'

CONFIGURATION MANAGEMENT

1.1.26 Ensure 'Automatically import another browser's data and settings at first run' is set to 'Enabled: Disables automatic import, and the import section of the first-run experience is skipped'

CONFIGURATION MANAGEMENT

1.1.28 Ensure 'Block tracking of users' web-browsing activity' is set to 'Enabled: Balanced (Blocks harmful trackers and trackers from sites user has not visited; content and ads will be less personalized)'

CONFIGURATION MANAGEMENT

1.1.30 Ensure 'Clear browsing data when Microsoft Edge closes' is set to 'Disabled'

CONFIGURATION MANAGEMENT

1.1.31 Ensure 'Clear cached images and files when Microsoft Edge closes' is set to 'Disabled'

CONFIGURATION MANAGEMENT

1.1.32 Ensure 'Configure InPrivate mode availability' is set to 'Enabled: InPrivate mode disabled'

CONFIGURATION MANAGEMENT

1.1.34 Ensure 'Configure the list of names that will bypass the HSTS policy check' is set to 'Disabled'

ACCESS CONTROL

1.1.35 Ensure 'Configure the list of types that are excluded from synchronization' is set to 'Enabled'

CONFIGURATION MANAGEMENT

1.1.36 Ensure 'Configure the Share experience' is set to 'Enabled: Don't allow using the Share experience'

CONFIGURATION MANAGEMENT

1.1.37 Ensure 'Continue running background apps after Microsoft Edge closes' is set to 'Disabled'

SYSTEM AND INFORMATION INTEGRITY

1.1.38 Ensure 'Control communication with the Experimentation and Configuration Service' is set to 'Enabled: Disable communication with the Experimentation and Configuration Service'

CONFIGURATION MANAGEMENT

1.1.39 Ensure 'Delete old browser data on migration' is set to 'Disabled'

CONFIGURATION MANAGEMENT

1.1.40 Ensure 'Disable saving browser history' is set to 'Disabled'

CONFIGURATION MANAGEMENT

1.1.41 Ensure 'Disable synchronization of data using Microsoft sync services' is set to 'Enabled'

CONFIGURATION MANAGEMENT

1.1.42 Ensure 'DNS interception checks enabled' is set to 'Enabled'

CONFIGURATION MANAGEMENT

1.1.43 Ensure 'Enable AutoFill for addresses' is set to 'Disabled'

CONFIGURATION MANAGEMENT

1.1.44 Ensure 'Enable AutoFill for credit cards' is set to 'Disabled'

CONFIGURATION MANAGEMENT

1.1.45 Ensure 'Enable component updates in Microsoft Edge' is set to 'Enabled'

CONFIGURATION MANAGEMENT

1.1.46 Ensure 'Enable deleting browser and download history' is set to 'Disabled'

CONFIGURATION MANAGEMENT

1.1.47 Ensure 'Enable globally scoped HTTP auth cache' is set to 'Disabled'

CONFIGURATION MANAGEMENT

1.1.49 Ensure 'Enable network prediction' is set to 'Enabled: Don't predict network actions on any network connection'

CONFIGURATION MANAGEMENT

1.1.51 Ensure 'Enable Proactive Authentication' is set to 'Disabled'

CONFIGURATION MANAGEMENT

1.1.52 Ensure 'Enable profile creation from the Identity flyout menu or the Settings page' is set to 'Disabled'

IDENTIFICATION AND AUTHENTICATION

1.1.53 Ensure 'Enable renderer code integrity' is set to 'Enabled'

SYSTEM AND COMMUNICATIONS PROTECTION

1.1.54 Ensure 'Enable resolution of navigation errors using a web service' is set to 'Disabled'

CONFIGURATION MANAGEMENT

1.1.56 Ensure 'Enable security warnings for command-line flags' is set to 'Enabled'

CONFIGURATION MANAGEMENT

1.1.57 Ensure 'Enable site isolation for every site' is set to 'Enabled'

CONFIGURATION MANAGEMENT

1.1.59 Ensure 'Enable usage and crash-related data reporting' is set to 'Disabled'

CONFIGURATION MANAGEMENT

1.1.60 Ensure 'Enable use of ephemeral profiles' is set to 'Disabled'

CONFIGURATION MANAGEMENT

1.1.64 Ensure 'Hide the First-run experience and splash screen' is set to 'Enabled'

CONFIGURATION MANAGEMENT

1.1.65 Ensure 'Manage exposure of local IP addresses by WebRTC' is set to 'Disabled'

CONFIGURATION MANAGEMENT

1.1.66 Ensure 'Notify a user that a browser restart is recommended or required for pending updates' is set to 'Enabled: Required - Show a recurring prompt to the user indicating that a restart is required'

SYSTEM AND INFORMATION INTEGRITY

1.1.67 Ensure 'Restrict exposure of local IP address by WebRTC' is set to 'Enabled: Allow public interface over http default route. This doesn't expose the local IP address'

CONFIGURATION MANAGEMENT

1.1.68 Ensure 'Send site information to improve Microsoft services' is set to 'Disabled'

CONFIGURATION MANAGEMENT

1.1.69 Ensure 'Set disk cache size, in bytes' is set to 'Enabled: 250609664'

AUDIT AND ACCOUNTABILITY