Menu
CCMEXEC.COM – Enterprise Mobility
  • Home
  • General
  • Configuration Manager
  • Windows 10
  • Windows 11
  • Intune
  • GitHub
  • About
CCMEXEC.COM – Enterprise Mobility

Configuring MS Edge Security Baseline v107 using Settings Catalog

Posted on January 24, 2023January 24, 2023 by Jörgen Nilsson

The Security baseline in Intune is based on the Security Baseline for Edge v85.. We are currently on Edge baseline 107 (no new recommended settings for 108 & 109). That is only one reason for creating you own Edge Security baseline using Settings Catalog instead. More reasons are that it is easier to troubleshoot and managed only one policy instead of having some settings in the Baseline and the rest in an Edge policy based on settings catalog.

What are the challenges then? Well for security baseline v.107 (latest downloadable baseline) is that two settings does not exist in the Settings Catalog.

  • Force WebSQL to be enabled
  • Specifies whether SharedArrayBuffers can be used in a non cross-origin-isolated context

These two settings are not in the Intune Security baseline either as they were added after v85..Here are the settings that can be set using settings catalog, all policies in green exists.

And here is an exported policy that can be imported using PowerShell for example so you don’t have to do the same detective work as I did. Intune-MEM/Edge Security Baseline 107 Settings catalog at master · Ccmexec/Intune-MEM · GitHub


If you want to set the two last settings here is a simple PowerShell script that will set the values missing in the Settings catalog. I tried importing the MSEdge.admx file and set the settings using the imported .admx feature but that did not work out either. Got duplicates of all settings and about half worked.

PowerShell script

# Registry key to create additional registry value for Microsoft Edge not in Settings catalog
 
$RegistryPath = "HKLM:\SOFTWARE\Policies\Microsoft\Edge"
 
# Check if the Microsoft Edge registry key already exists
 
if (!(Test-Path $RegistryPath)) {
 
        New-Item -Path $RegistryPath -Force
 
}
 
# Create the Microsoft Edge additional registry values
 
New-ItemProperty -Path $RegistryPath -Name "WebSQLAccess" -Value "0" -PropertyType dword -Force
 
New-ItemProperty -Path $RegistryPath -Name "SharedArrayBufferUnrestrictedAccessAllowed" -Value "0" -PropertyType dword -Force

To verify the settings I used the HardeningKitty toolkit which is simply great! It can be used to check compliance against different Security Baselines, Microsoft, STIG and more. It can be downloaded from here: https://github.com/scipag/HardeningKitty
After adding the script I got all settings verified.

This is how I will manage the security baseline from now on for Microsoft Edge. I hope this is useful!
Next up the Windows Security baseline :D!

2 thoughts on “Configuring MS Edge Security Baseline v107 using Settings Catalog”

  1. Pingback: Intune Newsletter - 27th January 2023 - Andrew Taylor
  2. Rkast says:
    May 14, 2023 at 7:06 pm

    Check out this idea for future baselines -> https://www.simsenblog.dk/2023/05/08/security-baseline-latest-as-settings-catalog/

    Reply

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

My name is Jörgen Nilsson and I work as a Senior Consultant at Onevinn in Malmö, Sweden. This is my blog where I will share tips and stuff for my own and everyone elses use on Enterprise Mobility and Windows related topics.
All code is provided "AS-IS" with no warranties.

Recent Posts

  • New settings in Intune Security Baseline Windows 11 24H2 -2504
  • Managing extensions in Visual Studio Code
  • Reinstall a required Win32app using remediation on demand
  • Administrator protection in Windows 11 – First look
  • Remediation on demand script – ResetWindowsUpdate
©2025 CCMEXEC.COM – Enterprise Mobility | WordPress Theme by Superb Themes
This website uses cookies to improve your experience. We'll assume you're ok with this, but you can opt-out if you wish.Accept Reject Read More
Privacy & Cookies Policy

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may affect your browsing experience.
Necessary
Always Enabled
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Non-necessary
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.
SAVE & ACCEPT