1.43 Ensure 'Allow unconfigured sites to be reloaded in Internet Explorer mode' is set to 'Disabled'

Information

This policy setting allows users to reload unconfigured sites (that are not configured in the Enterprise mode Site List) in Internet Explorer mode when browsing in Microsoft Edge for a site that requires Internet Explorer for compatibility.

After a site has been reloaded in Internet Explorer mode, 'in-page' navigations will stay in Internet Explorer mode (for example, a link, script, or form on the page, or a server-side redirect from another 'in-page' navigation). Users can choose to exit from Internet Explorer mode, or Microsoft Edge will automatically exit from Internet Explorer mode when a navigation that isn't 'in-page' occurs (for example, using the address bar, the back button, or a favorite link). Users can also optionally tell Microsoft Edge to use Internet Explorer mode for the site in the future.

Note: Enabling this setting takes precedence over how the InternetExplorerIntegrationTestingAllowed (Allow internet Explorer mode testing) policy is configured, and that policy will be disabled.

The recommended state for this setting is Disabled.

Rationale:

Internet Explorer is officially retired and unsupported. Allowing browsers to reconfigure into Internet Explorer mode could open an organization up to a malicious site due to its lack of support for modern security features.

Impact:

If this setting is Disabled users will not be able to reload unconfigured sites in Internet Explorer mode for compatibility. When users try to launch shortcuts or file associations that use Internet Explorer, they will be redirected to open the same file/URL in Microsoft Edge. When users try to launch Internet Explorer by directly invoking the iexplore.exe binary, Microsoft Edge will launch instead.

Solution

To establish the recommended configuration via GP, set the following UI path to Disabled:

Computer Configuration\Policies\Administrative Templates\Microsoft Edge\Allow unconfigured sites to be reloaded in Internet Explorer mode

Note: This Group Policy path may not exist by default. It is provided by the Group Policy template MSEdge.admx/adml that can be downloaded from: Download Microsoft Edge for Business - Microsoft.

Default Value:

Not Configured.

See Also

https://workbench.cisecurity.org/benchmarks/11865

Item Details

Category: CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION

References: 800-53|CM-10, 800-53|CM-11, 800-53|SC-18, CSCv7|7.1, CSCv7|7.2

Plugin: Windows

Control ID: 6fe775dbc0837cf9e4eebf374081cfdc1956fb547c806e5628f3f2822d0adf0a