Information
This policy setting controls whether Microsoft Edge will apply enhanced security mode on Intranet zone sites. Enhanced security mode in Microsoft Edge mitigates memory-related vulnerabilities by disabling just-in-time (JIT) JavaScript compilation and enabling additional operating system protections for the browser.
The recommended state for this setting is Disabled.
Rationale:
Enhanced security mode provides 'defense-in-depth' protection that makes it more difficult for a malicious site to use an unpatched vulnerability to write to executable memory.
Impact:
Disabling this setting could lead to Intranet zone sites acting in an unexpected manner.
Solution
To establish the recommended configuration via GP, set the following UI path to Disabled:
Computer Configuration\Policies\Administrative Templates\Microsoft Edge\Enhanced Security Mode configuration for Intranet zone sites
Note: This Group Policy path may not exist by default. It is provided by the Group Policy template MSEdge.admx/adml that can be downloaded from: Download Microsoft Edge for Business - Microsoft.
Default Value:
Disabled. (Microsoft Edge will apply enhanced Security Mode on Intranet zone sites.)