CIS Microsoft Edge L1 v1.1.0

Audit Details

Name: CIS Microsoft Edge L1 v1.1.0

Updated: 1/4/2023

Authority: CIS

Plugin: Windows

Revision: 1.0

Estimated Item Count: 78

File Details

Filename: CIS_Microsoft_Edge_v1.1.0_L1.audit

Size: 151 kB

MD5: 8739d4a648003c4012074bf80c0b4939
SHA256: 6fdbab6f9f07385b248d21e4ed73631c4409e2a17412fbd9f9075002a7bcb84e

Audit Items

DescriptionCategories
1.2.1 Ensure 'Enable Google Cast' is set to 'Disabled'

CONFIGURATION MANAGEMENT

1.3.3 Ensure 'Control use of insecure content exceptions' is set to 'Enabled: Do not allow any site to load mixed content'

SYSTEM AND COMMUNICATIONS PROTECTION

1.3.6 Ensure 'Control use of the File System API for writing' is set to 'Enabled: Don't allow any site to request write access to files and directories'

CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION

1.3.9 Ensure 'Default geolocation setting' is set to 'Enabled: Don't allow any site to track users physical location'

CONFIGURATION MANAGEMENT

1.5.1 Ensure 'Configure users ability to override feature flags' is set to 'Enabled: Prevent users from overriding feature flags'

CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION

1.7.1 Ensure 'Allow Basic authentication for HTTP' is set to 'Disabled'

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

1.7.2 Ensure 'Allow cross-origin HTTP Basic Auth prompts' is set to 'Disabled'

CONFIGURATION MANAGEMENT

1.13.1 Ensure 'Enable saving passwords to the password manager' is set to 'Disabled'

CONFIGURATION MANAGEMENT

1.14.1 Ensure 'Enable startup boost' is set to 'Disabled'

CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION

1.17.1 Ensure 'Specifies whether to allow insecure websites to make requests to more-private network endpoints' is set to 'Disabled'

CONFIGURATION MANAGEMENT

1.20.1 Ensure 'Configure Microsoft Defender SmartScreen' is set to 'Enabled'

SYSTEM AND INFORMATION INTEGRITY

1.20.2 Ensure 'Configure Microsoft Defender SmartScreen to block potentially unwanted apps' is set to 'Enabled'

SYSTEM AND INFORMATION INTEGRITY

1.20.3 Ensure 'Enable Microsoft Defender SmartScreen DNS requests' is set to 'Disabled'

SYSTEM AND INFORMATION INTEGRITY

1.20.4 Ensure 'Force Microsoft Defender SmartScreen checks on downloads from trusted sources' is set to 'Enabled'

SYSTEM AND INFORMATION INTEGRITY

1.20.5 Ensure 'Prevent bypassing Microsoft Defender SmartScreen prompts for sites' is set to 'Enabled'

SYSTEM AND INFORMATION INTEGRITY

1.20.6 Ensure 'Prevent bypassing of Microsoft Defender SmartScreen warnings about downloads' is set to 'Enabled'

SYSTEM AND INFORMATION INTEGRITY

1.22.1 Ensure 'Configure Edge TyposquattingChecker' is set to 'Enabled'

SYSTEM AND INFORMATION INTEGRITY

1.23 Ensure 'Ads setting for sites with intrusive ads' is set to 'Enabled: Block ads on sites with intrusive ads'

SYSTEM AND INFORMATION INTEGRITY

1.24 Ensure 'Allow download restrictions' is set to 'Enabled: Block potentially dangerous downloads'

SYSTEM AND INFORMATION INTEGRITY

1.27 Ensure 'Allow Google Cast to connect to Cast devices on all IP addresses' is set to 'Disabled'

CONFIGURATION MANAGEMENT

1.28 Ensure 'Allow importing of autofill form data' is set to 'Disabled'

CONFIGURATION MANAGEMENT

1.29 Ensure 'Allow importing of browser settings' is set to 'Disabled'

CONFIGURATION MANAGEMENT

1.30 Ensure 'Allow importing of home page settings' is set to 'Disabled'

CONFIGURATION MANAGEMENT

1.31 Ensure 'Allow importing of payment info' is set to 'Disabled'

CONFIGURATION MANAGEMENT

1.32 Ensure 'Allow importing of saved passwords' is set to 'Disabled'

CONFIGURATION MANAGEMENT

1.33 Ensure 'Allow importing of search engine settings' is set to 'Disabled'

CONFIGURATION MANAGEMENT

1.34 Ensure 'Allow managed extensions to use the Enterprise Hardware Platform API' is set to 'Disabled'

CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION

1.38 Ensure 'Allow personalization of ads search and news by sending browsing history to Microsoft' is set to 'Disabled'

CONFIGURATION MANAGEMENT

1.39 Ensure 'Allow queries to a Browser Network Time service' is set to 'Enabled'

AUDIT AND ACCOUNTABILITY

1.40 Ensure 'Allow remote debugging' is set to 'Disabled'

CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION

1.42 Ensure 'Allow the audio sandbox to run' is set to 'Enabled'

CONFIGURATION MANAGEMENT

1.44 Ensure 'Allow user feedback' is set to 'Disabled'

CONFIGURATION MANAGEMENT

1.48 Ensure 'Allow websites to query for available payment methods' is set to 'Disabled'

CONFIGURATION MANAGEMENT

1.50 Ensure 'Automatically import another browser's data and settings at first run' is set to 'Enabled: Disables automatic import, and the import section of the first-run experience is skipped'

CONFIGURATION MANAGEMENT

1.52 Ensure 'Block tracking of users' web-browsing activity' is set to 'Enabled: Balanced (Blocks harmful trackers and trackers from sites user has not visited; content and ads will be less personalized)'

SYSTEM AND INFORMATION INTEGRITY

1.54 Ensure 'Clear browsing data when Microsoft Edge closes' is set to 'Disabled'

CONFIGURATION MANAGEMENT

1.55 Ensure 'Clear cached images and files when Microsoft Edge closes' is set to 'Disabled'

CONFIGURATION MANAGEMENT

1.56 Ensure 'Configure InPrivate mode availability' is set to 'Enabled: InPrivate mode disabled'

CONFIGURATION MANAGEMENT

1.60 Ensure 'Configure the list of names that will bypass the HSTS policy check' is set to 'Disabled'

ACCESS CONTROL

1.61 Ensure 'Configure the list of types that are excluded from synchronization' is set to 'Enabled'

CONFIGURATION MANAGEMENT

1.62 Ensure 'Configure the Share experience' is set to 'Enabled: Don't allow using the Share experience'

CONFIGURATION MANAGEMENT

1.63 Ensure 'Configure whether form data and HTTP headers will be sent when entering or exiting Internet Explorer mode' is set to 'Enabled: Do not send form data or headers'

CONFIGURATION MANAGEMENT

1.64 Ensure 'Continue running background apps after Microsoft Edge closes' is set to 'Disabled'

CONFIGURATION MANAGEMENT

1.65 Ensure 'Control communication with the Experimentation and Configuration Service' is set to 'Enabled: Disable communication with the Experimentation and Configuration Service'

CONFIGURATION MANAGEMENT

1.70 Ensure 'Delete old browser data on migration' is set to 'Disabled'

CONFIGURATION MANAGEMENT

1.71 Ensure 'Disable saving browser history' is set to 'Disabled'

CONFIGURATION MANAGEMENT

1.72 Ensure 'Disable synchronization of data using Microsoft sync services' is set to 'Enabled'

CONFIGURATION MANAGEMENT

1.73 Ensure 'DNS interception checks enabled' is set to 'Enabled'

SYSTEM AND INFORMATION INTEGRITY

1.74 Ensure 'Enable AutoFill for addresses' is set to 'Disabled'

CONFIGURATION MANAGEMENT

1.75 Ensure 'Enable AutoFill for payment instructions' is set to 'Disabled'

CONFIGURATION MANAGEMENT