(174) Microsoft Intune - Setting up Security Settings in Microsoft Edge

Have a customer who is on track with Essential 8 ML1, they are wanting to secure the following settings to prevent their end users from changing it.

The following need to be configured in Microsoft Intune:

• Allow users to bypass Enhanced Security Mode = Disabled

• Configure the list of domains for which enhance security mode will always be enforced = Enabled

  • Configure the list of domains for which enhance security mode will always be enforced (Device) = *

• Enable automatic HTTPS upgrades = Enabled

• Enable component updates in Microsoft Edge = Enabled

• Enhance the security state in Microsoft Edge = Enabled

  • Enhance the security state in Microsoft Edge (Device) = Balanced mode

• Manage the indicator UI of the Enhanced Security Mode (ESM) feature in Microsoft Edge = Enabled

• Allow users to manage installed CA certificates = Disabled

• Automatically select client certificates for these sites = Disabled

• Prevent bypassing Edge Website Typo Protection prompts for sites = Disabled

• Configure Edge Scareware Blocker Protection = Enabled

• Configure Microsoft Defender SmartScreen to block potentially unwanted apps = Enabled

• Configure Edge Website Typo Protection = Enabled

If you want to enforce Always use "Strict" level of enhanced security when browsing InPrivate, make the following change:

• Enhance the security state in Microsoft Edge = Enabled

  • Enhance the security state in Microsoft Edge (Device) = Strict Mode

After a company portal sync, and re-opening Edge, you will see that Always use "Strict" level of enhanced security when browsing InPrivate is set as "On" and greyed out from the end user changing it.