Information
This policy setting controls whether HTTP auth credentials may be automatically used in the context of another web site visited in Microsoft Edge.
Note: This policy is intended to give enterprises depending on the legacy behavior a chance to update their login procedures and will be removed in the future.
The recommended state for this setting is Disabled.
Rationale:
Allowing HTTP auth credentials to be shared without the users consent could lead to a user sharing sensitive information without their knowledge. Enabling this setting could also lead to some types of cross-site attacks, that would allow users to be tracked across sites without the use of cookies.
Impact:
None - this is the default behavior.
Solution
To establish the recommended configuration via GP, set the following UI path to Disabled
Computer Configuration\Policies\Administrative Templates\Microsoft Edge\Enable globally scoped HTTP auth cache
Note: This Group Policy path may not exist by default. It is provided by the Group Policy template MSEdge.admx/adml that can be downloaded from Microsoft here.
Default Value:
Disabled.