InformationThis policy setting controls whether online OCSP/CRL revocation checks will be required.
The recommended state for this setting is Enabled.
Allowing certificates that have not been validated opens an organization up for an attack in which illegitimate sites are could potentially be presented as trusted.
Certificates that are not publicly verified will not be trusted and the user will be warned that the certificate is not trusted.
SolutionTo establish the recommended configuration via GP, set the following UI path to Disabled
Computer Configuration\Policies\Administrative Templates\Microsoft Edge\Enable online OCSP/CRL checks
Note: This Group Policy path may not exist by default. It is provided by the Group Policy template MSEdge.admx/adml that can be downloaded from Microsoft here.