Allow Basic authentication for HTTP

Information

If you enable this policy or leave it unset, Basic authentication challenges received over non-secure HTTP will be allowed.

If you disable this policy, non-secure HTTP requests from the Basic authentication scheme are blocked, and only secure HTTPS is allowed.

This policy setting is ignored (and Basic is always forbidden) if the 'AuthSchemes' (Supported authentication schemes) policy is set and does not include Basic.

Solution

Policy Path: Microsoft Edge\HTTP authentication
Policy Setting Name: Allow Basic authentication for HTTP

See Also

https://techcommunity.microsoft.com/t5/microsoft-security-baselines/security-review-for-microsoft-edge-version-127/ba-p/4205820

Item Details

Category: IDENTIFICATION AND AUTHENTICATION

References: 800-53|IA-5(6)

Plugin: Windows

Control ID: d328598849c3143c8b86ce6e120954b32d48f2a4cce0ee0b33a322b8b8ffb0ba