Appendix: Summary Table

Control Set
Correctly
Yes No
1 Microsoft Edge
1.1 Microsoft Edge
1.1.1 (L1) Ensure 'Ads setting for sites with intrusive ads' is set to
'Enabled: Block ads on sites with intrusive ads' (Automated)
1.1.2 (L1) Ensure 'Allow download restrictions' is set to 'Enabled:
Block potentially dangerous downloads' (Automated)
1.1.3 (L2) Ensure 'Allow file selection dialog' is set to 'Disabled'
(Automated)
1.1.4 (L1) Ensure 'Allow Google Cast to connect to Cast devices on
all IP addresses' is set to 'Disabled' (Automated)
1.1.5 (L1) Ensure 'Allow importing of autofill form data' is set to
'Disabled' (Automated)
1.1.6 (L1) Ensure 'Allow importing of browser settings' is set to
'Disabled' (Automated)
1.1.7 (L1) Ensure 'Allow importing of home page settings' is set to
'Disabled' (Automated)
1.1.8 (L1) Ensure 'Allow importing of payment info' is set to
'Disabled' (Automated)
1.1.9 (L1) Ensure 'Allow importing of saved passwords' is set to
'Disabled' (Automated)
1.1.10 (L1) Ensure 'Allow importing of search engine settings' is
set to 'Disabled' (Automated)
1.1.11 (L1) Ensure 'Allow managed extensions to use the
Enterprise Hardware Platform API' is set to 'Disabled'
(Automated)
1.1.12 (L2) Ensure 'Allow or block audio capture' is set to
'Disabled' (Automated)
1.1.13 (L2) Ensure 'Allow or block video capture' is set to
'Disabled' (Automated)
1.1.14 (L2) Ensure 'Allow or deny screen capture' is set to
'Disabled' (Automated)
1.1.15 (L1) Ensure 'Allow personalization of ads search and news
by sending browsing history to Microsoft' is set to 'Disabled'
(Automated)
1.1.16 (L1) Ensure 'Allow queries to a Browser Network Time
service' is set to 'Enabled' (Automated)
1.1.17 (L2) Ensure 'Allow suggestions from local providers' is set
to 'Disabled' (Automated)

184 | P a g e
1.1.18 (L1) Ensure 'Allow the audio sandbox to run' is set to
'Enabled' (Automated)
1.1.19 (L1) Ensure 'Allow user feedback' is set to 'Disabled'
(Automated)
1.1.20 (L2) Ensure 'Allow users to open files using the ClickOnce
protocol' is set to 'Disabled' (Automated)
1.1.21 (L2) Ensure 'Allow users to open files using the
DirectInvoke protocol' is set to 'Disabled' (Automated)
1.1.22 (L2) Ensure 'Allow users to proceed from the HTTPS
warning page' is set to 'Disabled' (Automated)
1.1.23 (L1) Ensure 'Allow websites to query for available payment
methods' is set to 'Disabled' (Automated)
1.1.24 (L1) Ensure 'Allows a page to show popups during its
unloading' is set to 'Disabled' (Automated)
1.1.25 (L2) Ensure 'Ask where to save downloaded files' is set to
'Disabled' (Automated)
1.1.26 (L1) Ensure 'Automatically import another browser's data
and settings at first run' is set to 'Enabled: Disables
automatic import, and the import section of the first-run
experience is skipped' (Automated)
1.1.27 (L2) Ensure 'Block third party cookies' is set to 'Enabled'
(Automated)
1.1.28 (L1) Ensure 'Block tracking of users' web-browsing activity'
is set to 'Enabled: Balanced (Blocks harmful trackers and
trackers from sites user has not visited; content and ads will
be less personalized)' (Automated)
1.1.29 (L2) Ensure 'Browser sign-in settings' is set to 'Enabled:
Disable browser sign-in' (Automated)
1.1.30 (L1) Ensure 'Clear browsing data when Microsoft Edge
closes' is set to 'Disabled' (Automated)
1.1.31 (L1) Ensure 'Clear cached images and files when Microsoft
Edge closes' is set to 'Disabled' (Automated)
1.1.32 (L1) Ensure 'Configure InPrivate mode availability' is set to
'Enabled: InPrivate mode disabled' (Automated)
1.1.33 (L2) Ensure 'Configure Online Text To Speech' is set to
'Disabled' (Automated)
1.1.34 (L1) Ensure 'Configure the list of names that will bypass the
HSTS policy check' is set to 'Disabled' (Manual)
1.1.35 (L1) Ensure 'Configure the list of types that are excluded
from synchronization' is set to 'Enabled' (Automated)
1.1.36 (L1) Ensure 'Configure the Share experience' is set to
'Enabled: Don't allow using the Share experience'
(Automated)

185 | P a g e
1.1.37 (L1) Ensure 'Continue running background apps after
Microsoft Edge closes' is set to 'Disabled' (Automated)
1.1.38 (L1) Ensure 'Control communication with the
Experimentation and Configuration Service' is set to
'Enabled: Disable communication with the Experimentation
and Configuration Service' (Automated)
1.1.39 (L1) Ensure 'Delete old browser data on migration' is set to
'Disabled' (Automated)
1.1.40 (L1) Ensure 'Disable saving browser history' is set to
'Disabled' (Automated)
1.1.41 (L1) Ensure 'Disable synchronization of data using
Microsoft sync services' is set to 'Enabled' (Automated)
1.1.42 (L1) Ensure 'DNS interception checks enabled' is set to
'Enabled' (Automated)
1.1.43 (L1) Ensure 'Enable AutoFill for addresses' is set to
'Disabled' (Automated)
1.1.44 (L1) Ensure 'Enable AutoFill for credit cards' is set to
'Disabled' (Automated)
1.1.45 (L1) Ensure 'Enable component updates in Microsoft Edge'
is set to 'Enabled' (Automated)
1.1.46 (L1) Ensure 'Enable deleting browser and download history'
is set to 'Disabled' (Automated)
1.1.47 (L1) Ensure 'Enable globally scoped HTTP auth cache' is set
to 'Disabled' (Automated)
1.1.48 (L2) Ensure 'Enable guest mode' is set to 'Disabled'
(Automated)
1.1.49 (L1) Ensure 'Enable network prediction' is set to 'Enabled:
Don't predict network actions on any network connection'
(Automated)
1.1.50 (L2) Ensure 'Enable online OCSP/CRL checks' is set to
'Enabled' (Automated)
1.1.51 (L1) Ensure 'Enable Proactive Authentication' is set to
'Disabled' (Automated)
1.1.52 (L1) Ensure 'Enable profile creation from the Identity flyout
menu or the Settings page' is set to 'Disabled' (Automated)
1.1.53 (L1) Ensure 'Enable renderer code integrity' is set to
'Enabled' (Automated)
1.1.54 (L1) Ensure 'Enable resolution of navigation errors using a
web service' is set to 'Disabled' (Automated)
1.1.55 (L2) Ensure 'Enable Search suggestions' is set to 'Disabled'
(Automated)
1.1.56 (L1) Ensure 'Enable security warnings for command-line
flags' is set to 'Enabled' (Automated)

186 | P a g e
1.1.57 (L1) Ensure 'Enable site isolation for every site' is set to
'Enabled' (Automated)
1.1.58 (L2) Ensure 'Enable Translate' is set to 'Disabled'
(Automated)
1.1.59 (L1) Ensure 'Enable usage and crash-related data reporting'
is set to 'Disabled' (Automated)
1.1.60 (L1) Ensure 'Enable use of ephemeral profiles' is set to
'Disabled' (Automated)
1.1.61 (L2) Ensure 'Enforce Bing SafeSearch' is set to 'Enabled:
Configure moderate search restrictions in Bing'
(Automated)
1.1.62 (L2) Ensure 'Enforce Google SafeSearch' is set to 'Disabled'
(Automated)
1.1.63 (L2) Ensure 'Extend Adobe Flash content setting to all
content' is set to 'Disabled' (Automated)
1.1.64 (L1) Ensure 'Hide the First-run experience and splash
screen' is set to 'Enabled' (Automated)
1.1.65 (L1) Ensure 'Manage exposure of local IP addresses by
WebRTC' is set to 'Disabled' (Automated)
1.1.66 (L1) Ensure 'Notify a user that a browser restart is
recommended or required for pending updates' is set to
'Enabled: Required - Show a recurring prompt to the user
indicating that a restart is required' (Automated)
1.1.67 (L1) Ensure 'Restrict exposure of local IP address by
WebRTC' is set to 'Enabled: Allow public interface over http
default route. This doesn't expose the local IP address'
(Automated)
1.1.68 (L1) Ensure 'Send site information to improve Microsoft
services' is set to 'Disabled' (Automated)
1.1.69 (L1) Ensure 'Set disk cache size, in bytes' is set to 'Enabled:
250609664' (Automated)
1.1.70 (L1) Ensure 'Set the time period for update notifications' is
set to 'Enabled: 86400000' (Automated)
1.1.71 (L2) Ensure 'Show an "Always open" checkbox in external
protocol dialog' is set to 'Disabled' (Automated)
1.1.72 (L2) Ensure 'Specify if online OCSP/CRL checks are required
for local trust anchors' is set to 'Enabled' (Automated)
1.1.73
found' is set to 'Disabled' (Automated)
1.2 Cast
1.2.1 (L1) Ensure 'Enable Google Cast' is set to 'Disabled'
(Automated)
1.3 Content Settings

187 | P a g e
1.3.1 (L2) Ensure 'Control use of the Web Bluetooth API' is set to
'Enabled: Do not allow any site to request access to
Bluetooth' (Automated)
1.3.2 (L2) Ensure 'Control use of the WebUSB API' is set to
'Enabled: Do not allow any site to request access to USB'
(Automated)
1.3.3 (L2) Ensure 'Default Adobe Flash setting' is set to 'Enabled:
Block the Adobe Flash plug-in' (Automated)
1.3.4 (L1) Ensure 'Default geolocation setting' is set to 'Enabled:
Don't allow any site to track users physical location'
(Automated)
1.4 Default search provider
1.5 Extensions
1.6 HTTP authentication
1.6.1 (L1) Ensure 'Allow cross-origin HTTP Basic Auth prompts'
is set to 'Disabled' (Automated)
1.6.2 (L2) Ensure 'Supported authentication schemes' is set to
'Enabled: digest, ntlm, negotiate' (Automated)
1.7 Native Messaging
1.8 Password manager and protection
1.8.1 (L1) Ensure 'Enable saving passwords to the password
manager' is set to 'Disabled' (Automated)
1.9 Printing
1.10 Proxy server
1.11 SmartScreen settings
1.11.1 (L1) Ensure 'Configure Microsoft Defender SmartScreen' is
set to 'Enabled' (Automated)
1.11.2 (L1) Ensure 'Configure Microsoft Defender SmartScreen to
block potentially unwanted apps' is set to 'Enabled'
(Automated)
1.11.3 (L1) Ensure 'Force Microsoft Defender SmartScreen checks
on downloads from trusted sources' is set to 'Enabled'
(Automated)
1.11.4 (L1) Ensure 'Prevent bypassing Microsoft Defender
SmartScreen prompts for sites' is set to 'Enabled'
(Automated)
1.11.5 (L1) Ensure 'Prevent bypassing of Microsoft Defender
SmartScreen warnings about downloads' is set to 'Enabled'
(Automated)
1.12 Startup, home page and new tab page
2 Microsoft Edge - Default Settings (users can override)
3 Microsoft Edge Update

188 | P a g e