0 Votes
WahidMoore-0888 asked YuZhou-MSFT answered

MS Edge IE Mode security settings

Hello,

I am prepping to remove Internet Explorer 11 from my organization's devices and replace it with IE mode. During testing I noticed that sites are blocked from allowing username/password in IE11 and MS Edge browsers, but the pop-up window shows when launching the site within an Edge IEMode browser. HTTP Authentication is configured to 'negotiate' via GPO for both MS Edge and IE11.

My question is: does IE Mode allow users to bypass this security setting?

windows-group-policy ms-edge

Hi @WahidMoore-0888

To better understand the issue, I want to confirm something with you:

Do you mean the pop-up window shows in Edge IE mode but doesn't show in IE and Edge? Could you please provide a screenshot of the pop-up window?
How do you configure the HTTP Authentication group policy? I find there are many HTTP authentication policies; which one do you configure?
What exact security setting do you want to bypass?

0 Votes 0 ·

Yes, a pop-up shows up in IE mode and IE (when in compatibility mode), but not Edge. The current HTTP authentication is set to negotiate in accordance with DISA STIG guidance. I am not looking to bypass any setting, but rather to understand why/how/what settings are being bypassed that allow the pop-up window to show. The setting I am referring to is listed below. Additionally, I have attached screenshots of the windows that allow the pop-up and deny.

Windows Registry Settings
Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
Path (Recommended): N/A
Value Name: AuthSchemes
Value Type: REG_SZ

131980-ie-mode-error-edge.png


131969-ie-mode-error-edge-2.png


0 Votes 0 ·
0 Votes
YuZhou-MSFT answered YuZhou-MSFT edited

Hi @WahidMoore-0888

First, the group policy you set won't work in Edge IE mode and IE. The pop-up showing may be related to some settings in IE. You can also refer to this article for more information.

Second, you can try the following things to see if it can fix the pop-up issue in IE/IE mode:

  • Modify the security settings in Internet Explorer

  1. Search Internet Options in the search bar on the desktop and open it.

  2. Click the Security tab.

  3. If your computer is connected to the Internet, click Internet, and then click Custom Level.
    If your computer is connected only to a local intranet, click Local Intranet, and then click Custom Level.

  4. In the Security Settings dialog box, make sure that Automatic logon with current username and password is enabled under User Authentication.

  5. Click OK two times.


  • Enable Integrated Windows Authentication in Internet Explorer

  1. Open Internet Options.

  2. Click the Advanced tab.

  3. Verify that the Enable Integrated Windows Authentication check box is selected.

  4. Click Apply, OK to save the setting if you change it.


If the response is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

Regards,
Yu Zhou
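
A read-only way to compare the two sets of settings this thread distinguishes, added here as an example and not part of any reply above: it prints the Edge AuthSchemes policy next to the Internet Explorer values behind the two dialogs in the steps. The `1A00` and `EnableNegotiate` value names, the zone numbers and the policy-before-preference lookup order are assumptions based on the standard IE registry layout, not details from the thread.

```powershell
# Read-only audit (added example). 1A00, EnableNegotiate and the zone numbers
# are standard Internet Explorer registry names, not values from this thread.
$suffix = 'Microsoft\Windows\CurrentVersion\Internet Settings'
$ieRoots = @(                      # group policy first, then user preference
    "HKLM:\SOFTWARE\Policies\$suffix",
    "HKCU:\SOFTWARE\Policies\$suffix",
    "HKCU:\SOFTWARE\$suffix"
)
$logonModes = @{
    0x00000 = 'Automatic logon with current username and password'
    0x10000 = 'Prompt for user name and password'
    0x20000 = 'Automatic logon only in Intranet zone'
    0x30000 = 'Anonymous logon'
}
$zoneNames = @{ 1 = 'Local intranet'; 2 = 'Trusted sites'; 3 = 'Internet'; 4 = 'Restricted sites' }

function Get-FirstRegValue {
    # Returns the first location that defines $Name, or $null if none does.
    param([string[]]$Paths, [string]$Name)
    foreach ($path in $Paths) {
        $item = Get-ItemProperty -Path $path -Name $Name -ErrorAction SilentlyContinue
        if ($null -ne $item) {
            return [pscustomobject]@{ Source = $path; Value = $item.$Name }
        }
    }
}

# 1. Edge policy from the question: governs Edge's own engine only.
$edge = Get-FirstRegValue -Name 'AuthSchemes' -Paths @(
    'HKLM:\SOFTWARE\Policies\Microsoft\Edge', 'HKCU:\SOFTWARE\Policies\Microsoft\Edge')
$edgeValue = if ($edge) { $edge.Value } else { '<not set>' }
"Edge AuthSchemes                : $edgeValue"

# 2. IE setting that IE mode honours: Integrated Windows Authentication.
$iwa = Get-FirstRegValue -Name 'EnableNegotiate' -Paths $ieRoots
$iwaValue = if ($iwa) { $iwa.Value } else { '<not set>' }
"IE EnableNegotiate (1 = enabled): $iwaValue"

# 3. Per-zone logon behaviour (Security tab > Custom Level > User Authentication).
foreach ($zone in 1..4) {
    $paths = $ieRoots | ForEach-Object { "$_\Zones\$zone" }
    $hit = Get-FirstRegValue -Name '1A00' -Paths $paths
    $mode = if ($hit) { $logonModes[[int]$hit.Value] } else { '<not set>' }
    '{0,-16}: {1}' -f $zoneNames[$zone], $mode
}
```

A zone reporting "Prompt for user name and password" while Edge AuthSchemes reads `negotiate` matches the behaviour described in the question: the prompt appears only when the IE engine renders the site.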


0 Votes
DonPickard-7259 answered WahidMoore-0888 commented

IEMode simply engages IE, and so to control IEMode once engaged, you set the relevant IE settings, just exactly the same as you would do for IE itself.

If IE is configured to behave in a certain way, IEMode will honour those same settings.


If IE is no longer installed (removed from future images) will I still need to configure the IE GPO to apply the settings?

0 Votes 0 ·
0 Votes
YuZhou-MSFT answered

Hi @WahidMoore-0888

If IE is no longer installed, you need to make sure Internet Explorer 11 is enabled in Windows Features so that you can use Edge IE mode.
IE mode supports Internet Explorer settings and group policies that affect security zone settings and Protected Mode. I think you can still configure IE group policies. You can refer to this doc to see what IE mode supports.



Regards,
Yu Zhou

