| 1.2.1 (L1) Ensure 'Enable Google Cast' is set to 'Disabled' | CONFIGURATION MANAGEMENT |
| 1.3.1 (L1) Ensure 'Allow users to manage installed CA certificates' is set to 'Enabled: None' | ACCESS CONTROL |
| 1.4.3 (L1) Ensure 'Control use of insecure content exceptions' is set to 'Enabled: Do not allow any site to load mixed content' | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.4.6 (L1) Ensure 'Control use of the File System API for writing' is set to 'Enabled: Don't allow any site to request write access to files and directories' | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.4.9 (L1) Ensure 'Default automatic downloads setting' is set to 'Enabled: Don't allow any website to perform automatic downloads' | SYSTEM AND INFORMATION INTEGRITY |
| 1.4.10 (L1) Ensure 'Default geolocation setting' is set to 'Enabled: Don't allow any site to track users' physical location' | CONFIGURATION MANAGEMENT |
| 1.6.1 (L1) Ensure 'Enable insecure download warnings' is set to 'Enabled' | SYSTEM AND INFORMATION INTEGRITY |
| 1.7.1 (L1) Ensure 'Configure Edge Website Typo Protection' is set to 'Enabled' | SYSTEM AND INFORMATION INTEGRITY |
| 1.9.1 (L1) Ensure 'Configure users ability to override feature flags' is set to 'Enabled: Prevent users from overriding feature flags' | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.10.1 (L1) Ensure 'Blocks external extensions from being installed' is set to 'Enabled' | CONFIGURATION MANAGEMENT |
| 1.11.1 (L1) Ensure 'Enable Gamer Mode' is set to 'Disabled' | CONFIGURATION MANAGEMENT |
| 1.13.1 (L1) Ensure 'Allow Basic authentication for HTTP' is set to 'Disabled' | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.13.2 (L1) Ensure 'Allow cross-origin HTTP Authentication prompts' is set to 'Disabled' | CONFIGURATION MANAGEMENT |
| 1.14.1 (L1) Ensure 'Guided Switch Enabled' is set to 'Disabled' | CONFIGURATION MANAGEMENT |
| 1.20.1 (L1) Ensure 'Specifies whether to block requests from public websites to devices on a user's local network' is set to 'Enabled' | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.21.1 (L1) Ensure 'Enable saving passwords to the password manager' is set to 'Disabled' | CONFIGURATION MANAGEMENT |
| 1.24.1 (L1) Ensure 'Enable startup boost' is set to 'Disabled' | CONFIGURATION MANAGEMENT |
| 1.31.1 (L1) Ensure 'Configure Microsoft Defender SmartScreen' is set to 'Enabled' | SYSTEM AND INFORMATION INTEGRITY |
| 1.31.2 (L1) Ensure 'Configure Microsoft Defender SmartScreen to block potentially unwanted apps' is set to 'Enabled' | SYSTEM AND INFORMATION INTEGRITY |
| 1.31.3 (L1) Ensure 'Enable Microsoft Defender SmartScreen DNS requests' is set to 'Enabled' | SYSTEM AND INFORMATION INTEGRITY |
| 1.31.4 (L1) Ensure 'Force Microsoft Defender SmartScreen checks on downloads from trusted sources' is set to 'Enabled' | SYSTEM AND INFORMATION INTEGRITY |
| 1.31.5 (L1) Ensure 'Prevent bypassing Microsoft Defender SmartScreen prompts for sites' is set to 'Enabled' | SYSTEM AND INFORMATION INTEGRITY |
| 1.31.6 (L1) Ensure 'Prevent bypassing of Microsoft Defender SmartScreen warnings about downloads' is set to 'Enabled' | SYSTEM AND INFORMATION INTEGRITY |
| 1.32.1 (L1) Ensure 'Disable Bing chat entry-points on Microsoft Edge Enterprise new tab page' is set to 'Disabled' | CONFIGURATION MANAGEMENT |
| 1.33 (L1) Ensure 'Ads setting for sites with intrusive ads' is set to 'Enabled: Block ads on sites with intrusive ads.' | SYSTEM AND INFORMATION INTEGRITY |
| 1.34 (L1) Ensure 'Allow download restrictions' is set to 'Enabled: Block malicious downloads' | SYSTEM AND INFORMATION INTEGRITY |
| 1.37 (L1) Ensure 'Allow Google Cast to connect to Cast devices on all IP addresses' is set to 'Disabled' | CONFIGURATION MANAGEMENT |
| 1.38 (L1) Ensure 'Allow import of data from other browsers on each Microsoft Edge launch' is set to 'Disabled' | CONFIGURATION MANAGEMENT |
| 1.39 (L1) Ensure 'Allow importing of autofill form data' is set to 'Disabled' | CONFIGURATION MANAGEMENT |
| 1.40 (L1) Ensure 'Allow importing of browser settings' is set to 'Disabled' | CONFIGURATION MANAGEMENT |
| 1.41 (L1) Ensure 'Allow importing of home page settings' is set to 'Disabled' | CONFIGURATION MANAGEMENT |
| 1.42 (L1) Ensure 'Allow importing of payment info' is set to 'Disabled' | CONFIGURATION MANAGEMENT |
| 1.43 (L1) Ensure 'Allow importing of saved passwords' is set to 'Disabled' | CONFIGURATION MANAGEMENT |
| 1.44 (L1) Ensure 'Allow importing of search engine settings' is set to 'Disabled' | CONFIGURATION MANAGEMENT |
| 1.45 (L1) Ensure 'Allow managed extensions to use the Enterprise Hardware Platform API' is set to 'Disabled' | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.49 (L1) Ensure 'Allow personalization of ads, Microsoft Edge, search, news and other Microsoft services by sending browsing history, favorites and collections, usage and other browsing data to Microsoft' is set to 'Disabled' | CONFIGURATION MANAGEMENT |
| 1.50 (L1) Ensure 'Allow queries to a Browser Network Time service' is set to 'Enabled' | AUDIT AND ACCOUNTABILITY |
| 1.51 (L1) Ensure 'Allow remote debugging' is set to 'Disabled' | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.52 (L1) Ensure 'Allow the audio sandbox to run' is set to 'Enabled' | CONFIGURATION MANAGEMENT |
| 1.54 (L1) Ensure 'Allow user feedback' is set to 'Disabled' | CONFIGURATION MANAGEMENT |
| 1.58 (L1) Ensure 'Allow Web Authentication requests on sites with broken TLS certificates' is set to 'Disabled' | SYSTEM AND INFORMATION INTEGRITY |
| 1.59 (L1) Ensure 'Allow websites to query for available payment methods' is set to 'Disabled' | CONFIGURATION MANAGEMENT |
| 1.61 (L1) Ensure 'Automatically import another browser's data and settings at first run' is set to 'Enabled: Disables automatic import, and the import section of the first-run experience is skipped' | CONFIGURATION MANAGEMENT |
| 1.62 (L1) Ensure 'Automatically open downloaded MHT or MHTML files from the web in Internet Explorer mode' is set to 'Disabled' | CONFIGURATION MANAGEMENT |
| 1.64 (L1) Ensure 'Block tracking of users' web-browsing activity' is set to 'Enabled: Balanced (Blocks harmful trackers and trackers from sites user has not visited; content and ads will be less personalized)' or higher | SYSTEM AND INFORMATION INTEGRITY |
| 1.66 (L1) Ensure 'Clear browsing data when Microsoft Edge closes' is set to 'Disabled' | CONFIGURATION MANAGEMENT |
| 1.67 (L1) Ensure 'Clear cached images and files when Microsoft Edge closes' is set to 'Disabled' | CONFIGURATION MANAGEMENT |
| 1.68 (L1) Ensure 'Clear history for IE and IE mode every time you exit' is set to 'Disabled' | CONFIGURATION MANAGEMENT |
| 1.69 (L1) Ensure 'Configure browser process code integrity guard setting' is set to 'Enabled: Enable code integrity guard enforcement in the browser process.' | SYSTEM AND INFORMATION INTEGRITY |
| 1.70 (L1) Ensure 'Configure InPrivate mode availability' is set to 'Enabled: InPrivate mode disabled' | CONFIGURATION MANAGEMENT |
