1.69 (L1) Ensure 'Configure the list of types that are excluded from synchronization' is set to 'Enabled'

Information

This policy setting allows you to specify data types that will be limited/excluded from uploading data to the Microsoft Edge synchronization service.

The recommended state for this setting is: Enabled with the following CASE SENSITIVE datatype passwords

Note: In a High Security/Sensitive Data Environment (L2), this setting should also include the following options: settings favorites addressesAndMore extensions and collections

Storing and sharing information could potentially expose sensitive information including but not limited to user passwords and login information. Allowing this synchronization could also potentially allow an end user to pull corporate data that was synchronized into the cloud to a personal machine.

Solution

To establish the recommended configuration via GP, set the following UI path to Enabled with the following CASE SENSITIVE datatype passwords :

Computer Configuration\Policies\Administrative Templates\Microsoft Edge\Configure the list of types that are excluded from synchronization

Note: This Group Policy path may not exist by default. It is provided by the Group Policy template MSEdge.admx/adml that can be downloaded from:

Download Microsoft Edge for Business - Microsoft

.

Impact:

Password data will not be synchronized with the Azure AD Tenant.

See Also

https://workbench.cisecurity.org/benchmarks/18501

Item Details

Category: CONFIGURATION MANAGEMENT

References: 800-53|CM-6b.

Plugin: Windows

Control ID: 01c6249acd8467b7b8bfcd1fcee9b08330bf9f91eac0564abecb62303553642e