1.7.2 Ensure 'Allow cross-origin HTTP Basic Auth prompts' is set to 'Disabled'

Information

This policy setting controls whether third-party sub-content can open a HTTP Basic Auth dialog and is typically disabled.

The recommended state for this setting is Disabled.

Rationale:

This setting is typically disabled to help combat phishing attempts.

Impact:

Disabling this setting should have minimal impact to the user as it is typically disabled by default and third-party sub-content can't open a HTTP Basic Auth dialog box.

Solution

To establish the recommended configuration via GP, set the following UI path to Disabled:

Computer Configuration\Policies\Administrative Templates\Microsoft Edge\HTTP authentication\Allow cross-origin HTTP Basic Auth prompts

Note: This Group Policy path may not exist by default. It is provided by the Group Policy template MSEdge.admx/adml that can be downloaded from Microsoft here.

Default Value:

Disabled.

See Also

https://workbench.cisecurity.org/files/4094