1.58 (L2) Ensure 'Browser sign-in settings' is set to 'Enabled: Disable browser sign-in'

Information

This policy setting controls whether a user can sign into Microsoft Edge with an account to use services such as sync and single sign on.

The recommended state for this setting is: Disabled: Disable browser sign-in

Note: To control the availability of sync, use the

SyncDisabled

(Disable synchronization of data using Microsoft sync services) policy.

Note #2: This setting works in conjunction with the

NonRemovableProfileEnabled

setting which will need to be set to Disabled because the setting

NonRemovableProfileEnabled

disables the creation of an automatically signed in browser profile.

Users will not be able to sign into Microsoft Edge with an account. Signing into Edge does not automatically sync users' data, to control the availability of sync, use the

SyncDisabled

(Disable synchronization of data using Microsoft sync services) policy.

Solution

To establish the recommended configuration via GP, set the following UI path to Disabled: Disable browser sign-in :

Computer Configuration\Policies\Administrative Templates\Microsoft Edge\Browser sign-in settings

Note: This Group Policy path may not exist by default. It is provided by the Group Policy template MSEdge.admx/adml that can be downloaded from:

Download Microsoft Edge for Business - Microsoft

.

Impact:

Users will not be able to sign into the Microsoft Edge browser.

See Also

https://workbench.cisecurity.org/benchmarks/18501

Item Details

Category: CONFIGURATION MANAGEMENT

References: 800-53|CM-6, 800-53|CM-7, CSCv7|9.2

Plugin: Windows

Control ID: 8e8437951b2f56b988253c5a3a4b99e776c436505e750b48b6de346c4b2b444e