1.1.12 Ensure 'Allow or block audio capture' is set to 'Disabled'

Information

This policy setting allows you to set whether the end-user is prompted for access to audio capture devices. This may be Enabled (Default) or Disabled, in which case audio capture will only work for URLs configured in the AudioCaptureAllowedUrls setting.

Note: The AudioCaptureAllowedUrls setting will also need to be configured along with this setting.

The recommended state for this setting is: Disabled.

Rationale:

With the end-user having the ability to allow or deny audio capture for websites in Microsoft Edge, could open an organization up to a malicious site that may capture proprietary information through the browser. By limiting or disallowing this setting, it removes the end-user's discretion leaving it up to the organization as to the sites allowed to use this ability.

Impact:

If this setting is disabled users will not be prompted for audio devices when using websites which may need this access, for example a web-based conferencing system. If there are sites which access will be allowed, this will need to be configured in the AudioCaptureAllowedUrls setting.

Solution

To establish the recommended configuration via GP, set the following UI path to Disabled

Computer Configuration\Policies\Administrative Templates\Microsoft Edge\Allow or block audio capture

Note: This Group Policy path may not exist by default. It is provided by the Group Policy template MSEdge.admx/adml that can be downloaded from Microsoft here.

Default Value:

Enabled.

See Also

https://workbench.cisecurity.org/files/3907

Item Details

Category: CONFIGURATION MANAGEMENT

References: 800-53|CM-6, CSCv7|5.1

Plugin: Windows

Control ID: 5f2e0e3899086d14c17c3d80d3c3c49fcccaa23368891706a66658f8a805a05b