New Microsoft v93 Security Baselines for Group Policy
Last month, Microsoft released a security baseline for Microsoft Edge version 93. While there isn’t a whole lot new here it’s important to keep your security baselines up to date in order to ensure you are running best practice. You can download the latest security baseline packages here by selecting the Microsoft Edge v93 Security Baseline.zip file. The Security Baselines for Group Policy are designed around the same principle as the MEM Security Baselines. They provide an easy and effective way for admins to ensure that they are consistently enforcing a minimum-security level that addresses fundamental security and compliance issues. The baseline settings are preconfigured by Microsoft security specialists and have been tested for compatibility.
Installing the Microsoft Edge v93 Security Baseline
Once downloaded, you will see that the package contains multiple folder directories as is shown below. Note that unlike other packages, this one doesn’t include a Template folder as this package does not include the ADMX/ADM template files. You can download the template files directly from the Microsoft website for any of the current Edge versions. You must have the required template files in your central store for the package to work.
The next step is to import the new security baselines. You can import these policies either locally or into AD using the enclosed scripts. I am choosing to import them into my AD environment using the appropriate scripts as shown below.
In my case, I chose the East Sales OU, and I linked the MSFT Edge Version 93 – Computer GPO. Note that this is a computer side GPO, so it needs to be linked to an OU that contains computer objects. Now let’s look at the preconfigured settings below.
There is only one newly enforced setting and that is the disabling of 3DES which is outlined in the screenshot above. In Microsoft Edge version 95, the 3DES encryption cipher is completely removed and will no longer function so this is way to prepare you for the inevitable deprecation of it. The upcoming baseline security release will have the 3DES setting completely removed.
The other thing new is an addition by subtraction setting. Since Adobe Flash support has now ended and been removed from Microsoft Edge completely, there is no need to enforce the setting that disabled Flash.
All in all there were 31 new computer settings and 26 new user settings for Microsoft Edge version 93 which you learn more about here.