1.40 (L2) Ensure 'Allow or block audio capture' is set to 'Disabled'

Information

This policy setting allows you to set whether the end-user is prompted for access to audio capture devices.

The recommended state for this setting is: Disabled

Note: The

AudioCaptureAllowedUrls

setting will need to be configured along with this setting if this feature is needed for specific websites.

With the end-user having the ability to allow or deny audio capture for websites in Microsoft Edge, could open an organization up to a malicious site that may capture proprietary information through the browser. By limiting or disallowing this setting, it removes the end-user's discretion leaving it up to the organization as to the sites allowed to use this ability.

Solution

To establish the recommended configuration via GP, set the following UI path to Disabled

Computer Configuration\Policies\Administrative Templates\Microsoft Edge\Allow or block audio capture

Note: This Group Policy path may not exist by default. It is provided by the Group Policy template MSEdge.admx/adml that can be downloaded from:

Download Microsoft Edge for Business - Microsoft

.

Impact:

Users will not be prompted for audio devices when using websites which may need this access, for example a web-based conferencing system. If there are sites which access will be allowed, this will need to be configured in the

AudioCaptureAllowedUrls

setting.

See Also

https://workbench.cisecurity.org/benchmarks/18501

Item Details

Category: CONFIGURATION MANAGEMENT

References: 800-53|CM-6, 800-53|CM-7, CSCv7|9.2

Plugin: Windows

Control ID: be450e7deb102bac2e1706f533224377771f6d55f8a4fa1e4cf7870d6112bcaa