Information
This policy setting allows you to specify the data types that will be limited/excluded from upload to the Microsoft Edge synchronization service.
The recommended state for this setting is: Enabled, with the following CASE SENSITIVE datatype: passwords.
Note: In a High Security/Sensitive Data Environment (L2), this setting should also include the following options: settings, favorites, addressesAndMore, extensions and collections.
Rationale:
Storing and sharing information could potentially expose sensitive information including but not limited to user passwords and login information. Allowing this synchronization could also potentially allow an end user to pull corporate data that was synchronized into the cloud to a personal machine.
Impact:
Password data will not be synchronized with the Azure AD Tenant.
Solution
To establish the recommended configuration via GP, set the following UI path to Enabled, with the following CASE SENSITIVE datatype: passwords
Computer Configuration\Policies\Administrative Templates\Microsoft Edge\Configure the list of types that are excluded from synchronization
Note: This Group Policy path may not exist by default. It is provided by the Group Policy template MSEdge.admx/adml that can be downloaded from: Download Microsoft Edge for Business - Microsoft.
Default Value:
Not Configured.
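Because the datatype names are case sensitive, an audit has to compare them exactly; PowerShell's default -contains operator ignores case and would accept "Passwords". The following check is an added example, not part of the benchmark text. The function names and sample values are hypothetical, and the registry key that holds the policy list is not given on this page, so the caller supplies it. Treating a wrongly cased entry as non-compliant is an assumption of this example.

```powershell
# Added example: audit helper for the excluded-sync-types list (hypothetical names).
$L1 = @('passwords')
$L2 = $L1 + @('settings', 'favorites', 'addressesAndMore', 'extensions', 'collections')

function Get-PolicyListValue {
    # Returns every value stored under a policy list key supplied by the caller.
    param([Parameter(Mandatory)][string]$KeyPath)
    if (-not (Test-Path -LiteralPath $KeyPath)) { return @() }   # policy Not Configured
    $key = Get-Item -LiteralPath $KeyPath
    @($key.GetValueNames() | ForEach-Object { [string]$key.GetValue($_) })
}

function Test-EdgeSyncExclusion {
    # Compares configured datatypes with the L1 or L2 list from this page.
    param(
        [string[]]$Configured = @(),
        [ValidateSet('L1', 'L2')][string]$Level = 'L1'
    )
    $required  = if ($Level -eq 'L2') { $L2 } else { $L1 }
    $missing   = @()
    $wrongCase = @()
    foreach ($type in $required) {
        if ($Configured -ccontains $type) { continue }                 # exact, case-sensitive match
        elseif ($Configured -contains $type) { $wrongCase += $type }   # present, but casing differs
        else { $missing += $type }                                     # not excluded at all
    }
    [pscustomobject]@{
        Level     = $Level
        Compliant = ($missing.Count + $wrongCase.Count) -eq 0
        Missing   = $missing
        WrongCase = $wrongCase
    }
}

# Constructed sample values, standing in for what the policy list might contain.
$sample = @('Passwords', 'settings', 'favorites', 'addressesandmore', 'extensions')
Test-EdgeSyncExclusion -Configured $sample -Level L1
Test-EdgeSyncExclusion -Configured $sample -Level L2

# On a managed machine, read the live values instead (key path is a placeholder):
# $values = Get-PolicyListValue -KeyPath '<registry key of this policy list>'
# Test-EdgeSyncExclusion -Configured $values -Level L2
```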