Secure Microsoft Edge Browser

Happy New Year, everyone!

I was reading some Microsoft Articles about how to secure the Microsoft Edge Browser, and I wanted to test it. It was fun 😊.


Many companies prefer to use Edge as their default browser, which is both fast and efficient. However, we want to ensure that end users are safe and secure while using it.


I came across a couple of Intune settings for Edge to enhance security. There are many options, but in this demo, I chose three.

1. Enable Microsoft Edge Password Manager

2. Password Reused.

3. Enhance Password Phishing Protection. 

Let us take them one by one

Enable Microsoft Edge Password Manager: Allow users to save their passwords in Microsoft Edge. When this policy is enabled, Microsoft Edge will automatically fill in the password the next time a user visits the site.

 If you disable this policy, users can't save new passwords, but they can still use previously saved passwords. If you enable or disable this policy, users can't change or override it in Microsoft Edge. If you don't configure it, users can save passwords, as well as turn this feature off.


 Password Reused: Configures notifications for Enhanced Phishing Protection to safeguard against password reuse.


Enhance Password Phishing Protection: 

Allow Microsoft Edge to monitor user passwords. If enabled and the user consents, they will be alerted if any stored passwords are unsafe, and details will be found in Settings > Passwords > Password Monitor. Disabling this policy prevents users from receiving alerts or scanning their passwords. If enabled or not configured, users can toggle this feature.

Let us configure these settings in Intune

In Microsoft Intune Go to 

Devices > Manage Devices > Configuration > Policies > Create > New Policy> Select Windows 10 and Later and Settings Catalog, then Create









For testing purposes, I assigned this Configuration to a test group which has one device



After waiting for the device to receive all the new settings, I checked the device and tried to create 3 different accounts for this demo with a weak and reused password.



In the screenshot above, you can easily see that the browser has prompted you to save the password.

under your browser picture profile, you can see the Edge Wallet when you have saved all your Passwords, or you can use this link edge://wallet/passwords

Under Password, you can see 3 different tabs: Weak, Reused, and Leaked Passwords.







You can check the event viewer to see if the policy applied or not 

This is can be checked under Applications and Services Logs> Microsoft> Windows> DeviceManagement-Enterprise-Diagnostic-Provider>Admin

In this Demo I can see all policies have applied to the test device.




Thank you for reading, and have a good evening!







Comments

Post a Comment

Popular posts from this blog

New LAPS for Windows 11 24H2

Image
  Windows LAPS automatically manages and backs up the password of a local administrator account on devices joined to Microsoft Entra ID (formerly Azure AD) or Windows Server Active Directory. This feature helps protect against pass-the-hash and lateral-traversal attacks, enhances security for remote help desk scenarios, and facilitates device recovery if they become inaccessible.   As many of you know, LAPS for Entra joined devices was announced around 2023 and has worked perfectly since then on Entra, Hybrid, joined, and On-premises devices via AD as well. One of the big challenges we all know is that the first version (if I can say that) of LAPS did not allow you to create a new custom admin account or change the existing admin account, which meant we had to use custom configuration or scripts to do that.   Microsoft announced the new LAPS about 3 weeks ago via Arnab Mitra, Sr. Program Manager at Microsoft, and it was a great announcement. Let us go ahead and co...
Read more

Windows Autopatch Hotpatch

Image
Windows Autopatch Hotpatch I am sure all of you guys are about to get busy for Thanksgiving! this is a short blog about Hotpatch. This morning, while I was checking for updates regarding my tenants and looking for the new hardware inventory setting, I was pleased to see that the new setting “ Hotpatch for Windows ” had appeared in my tenant. Before we discuss it, let’s first go over the details. We are all familiar with quality updates and the security patches released on the second Tuesday of each month. Microsoft has created a hotpatch for Windows 11 24H2 that allows these updates to be applied without requiring a restart. Typically, after monthly updates, the device must restart to install all security patches and to update the build number (the last four digits of Windows). According to Microsoft, there will be two types of updates each quarter. The first update will occur in January, April, July, and October and will include a full security patch and new features, requiring the de...
Read more

How to block TikTok or other social media

Image
Have you considered blocking social media platforms like Facebook, TikTok, and others on corporate devices?   Many government entities in our community want to restrict access to social media on their official devices rather than personally owned devices (BYOD). There are several reasons for this. For example, in the USA, TikTok was blocked and unblocked.   There are many ways to do this, such as Firewall, Network, Microsoft Defender, and so on. However, I will discuss how to do it via Intune. Create a Policy:         Create a New Policy: Name it as you want and add the description.     Configuration settings > add settings > and search for “URL blocking” and pick both Google Chrome and Microsoft Edge. And pick the one for the device, not the user, did not work for me. Then add the URL you want to block to “ Block access to a list of URLs (Device)”. I went a little further by disallowing the users to run the TikTok application “...
Read more