1.1.52 Ensure 'Enable profile creation from the Identity flyout menu or the Settings page' is set to 'Disabled'

Warning! Audit Deprecated

This audit has been deprecated and will be removed in a future update.

View Next Audit Version

Information

This policy setting controls whether user profiles are able to create new profiles in Microsoft Edge.

The recommended state for this setting is: Disabled.

Rationale:

Allowing users to create new profiles could allow for such profiles to be removed or switched which may end up in a situation that hides or even removes data which may be important for computer investigation and investigators such as Computer Forensics Analysts may not be able to retrieve pertinent information to the investigation.

Impact:

Users will be unable to utilize the Add profile option in Microsoft Edge.

Solution

To establish the recommended configuration via GP, set the following UI path to Disabled

Computer Configuration\Policies\Administrative Templates\Microsoft Edge\Enable profile creation from the Identity flyout menu or the Settings page

Note: This Group Policy path may not exist by default. It is provided by the Group Policy template MSEdge.admx/adml that can be downloaded from Microsoft here.

Default Value:

Enabled

See Also

https://workbench.cisecurity.org/files/3907