1.37 Ensure 'Allow or block video capture' is set to 'Disabled'

Information

This policy setting allows you to set whether the end-user is prompted for access to audio capture devices.

Note: The VideoCaptureAllowedUrls setting will need to be configured along with this setting if this feature is needed for specific websites.

The recommended state for this setting is: Disabled.

Rationale:

With the end-user having the ability to allow or deny video capture for websites in Microsoft Edge, could open an organization up to a malicious site that may capture proprietary information through the browser. By limiting or disallowing video capture it removes the end-user's discretion, leaving it up to the organization as to the sites allowed to use this ability.

Impact:

If you disable this setting users will not be prompted for audio devices when using websites which may need this access, for example a web-based conferencing system. If there are sites which access will be allowed, configuration of the VideoCaptureAllowedUrls setting will be necessary.

Solution

To establish the recommended configuration via GP, set the following UI path to Disabled:

Computer Configuration\Policies\Administrative Templates\Microsoft Edge\Allow or block video capture

Note: This Group Policy path may not exist by default. It is provided by the Group Policy template MSEdge.admx/adml that can be downloaded from: Download Microsoft Edge for Business - Microsoft.

Default Value:

Enabled. (Users are prompted for audio capture access except from the URLs in the AudioCaptureAllowedUrls list. These listed URLs are granted access without prompting.)

See Also

https://workbench.cisecurity.org/benchmarks/11865

Item Details

Category: CONFIGURATION MANAGEMENT

References: 800-53|CM-6, 800-53|CM-7, CSCv7|9.2

Plugin: Windows

Control ID: b4a50511989db8c0d3be6536727ca35ea558b87879548b1d1e3a56ae856958b7