1.78 Ensure 'Enable browser legacy extension point blocking' is set to 'Enabled'

Information

This policy setting sets the ProcessExtensionPointDisablePolicy on Microsoft Edge's browser process to block code injection from legacy third party applications.

Note: Per Microsoft, only turn off the policy if there are compatibility issues with third-party software that must run inside Microsoft Edge's browser process.

The recommended state for this setting is: Enabled.

Rationale:

If this policy is set to Disabled, it may have a detrimental effect on Microsoft Edge's security and stability as unknown and potentially hostile code can load inside Microsoft Edge's browser process.

Impact:

Compatibility issues with third-party software can occur.

Solution

To establish the recommended configuration via GP, set the following UI path to Enabled:

Computer Configuration\Policies\Administrative Templates\Microsoft Edge\Enable browser legacy extension point blocking

Note: This Group Policy path may not exist by default. It is provided by the Group Policy template MSEdge.admx/adml that can be downloaded from: Download Microsoft Edge for Business - Microsoft.

Default Value:

Enabled. (ProcessExtensionPointDisablePolicy is applied to block legacy extension points in the browser process.)

See Also

https://workbench.cisecurity.org/benchmarks/11865