1.1.13 Ensure 'Allow or block video capture' is set to 'Disabled'

Information

This policy setting allows you to set whether the end-user is prompted for access to audio capture devices. This may be enabled (Default), or Disabled in which case audio capture will only work for URLs configured in the VideoCaptureAllowedUrls setting.

Note: The VideoCaptureAllowedUrls setting will also need to be configured along with this setting.

The recommended state for this setting is: Disabled.

Rationale:

With the end-user having the ability to allow or deny video capture for websites in Microsoft Edge, could open an organization up to a malicious site that may capture proprietary information through the browser. By limiting or disallowing video capture it removes the end-user's discretion leaving it up to the organization as to the sites allowed to use this ability.

Impact:

If you disable this setting users will not be prompted for audio devices when using websites which may need this access, for example a web-based conferencing system. If there are sites which access will be allowed, configuration of the VideoCaptureAllowedUrls setting will be necessary.

Solution

To establish the recommended configuration via GP, set the following UI path to Disabled

Computer Configuration\Policies\Administrative Templates\Microsoft Edge\Allow or block video capture

Note: This Group Policy path may not exist by default. It is provided by the Group Policy template MSEdge.admx/adml that can be downloaded from Microsoft here.

Default Value:

Enabled.

See Also

https://workbench.cisecurity.org/files/3907

Item Details

Category: CONFIGURATION MANAGEMENT

References: 800-53|CM-6, CSCv7|5.1

Plugin: Windows

Control ID: 037089efd4c4210361c4db61e2a954c3b09e9705cbe8f829b59fd5a648a4ff84