This policy setting allows for the configuration for users to add exceptions to allow mixed content for specific sites. Policy options settings: Blockinsecurecontent(2) = Do not allow any site to load mixed content Allowexceptionsinsecurecontent (3) = Allow users to add exceptions to allow mixed content Note: This policy can be overridden for specific URL patterns using the insecurecontentAllowedForUrls (Allow insecure content on specified sites) and insecurecontentBlockedForUrls (Block insecure content on specified sites) policies. The recommended state for this setting is: Enabled: Do not allow any site to load mixed content Rationale: Allowing mixed (secure / insecure) content from a site can lead to malicious content being loaded. Mixed content occurs if the initial request is secure over HTTPS, but HTTPS and HTTP content is subsequently loaded to display the web page. HTTPS content is secure. HTTP content is insecure. Impact: Users will not be able to add exceptions for mix content webpages.
To establish the recommended configuration via Group Policy, set the following UI path to Enabled: Do not allow any site to load mixed content: Computer Configuration\Polices\Administrative Templates\Microsoft Edge\content settings\Do not allow any site to load mixed content Default Value: Enabled. (Users will be allowed to add exceptions to allow blockable mixed content and disable autoupgrades for optionally blockable mixed content.)