1.1.4 Ensure 'Allow Google Cast to connect to Cast devices on all IP addresses' is set to 'Disabled'

Warning! Audit Deprecated

This audit has been deprecated and will be removed in a future update.

View Next Audit Version

Information

This policy setting controls whether Google Cast is able to connect to all IP Addresses or only private IP Addresses as defined in RFC1918 (IPv4) and RFC4193 (IPv6). Note that if the EnabledMediaRouter policy is set to Disabled there is no positive or negative effect for this setting.

The recommended state for this setting is Disabled.

Rationale:

Allowing Google Cast to connect to public IP addresses could allow media and other potentially sensitive data to be exposed to the public. Disabling this setting will ensure that Google Cast is only able to connect to private (ie: internal) IP addresses.

Impact:

If this setting is set to Disabled there will be no effect to the user, as the default behavior of Not Configured has the same behavior as disabling the setting.

Solution

To establish the recommended configuration via GP, set the following UI path to Disabled

Computer Configuration\Policies\Administrative Templates\Microsoft Edge\Allow Google Cast to connect to Cast devices on all IP addresses

Note: This Group Policy path may not exist by default. It is provided by the Group Policy template MSEdge.admx/adml that can be downloaded from: Download Microsoft Edge for Business - Microsoft.

Default Value:

Disabled.

Google Cast connects to Cast devices on RFC1918/RFC4193 private addresses only, unless you enable the CastAllowAllIPs feature.

See Also

https://workbench.cisecurity.org/files/3907