IT admins should check these new settings in Edge 138 before they are enabled by default

Microsoft Edge 138 was released a few hours ago. The new version of the browser is headlined by AI-powered history search, performance notifications, and a new consent toggle in autofill settings, among many other things. However, just like every previous version of Edge, this latest version of the browser also includes new policies, and Microsoft has encouraged IT admins to have a look at them.

Microsoft Edge 138 contains six new settings, but the good news is that the security baseline is the same as Edge 128, so you don't need to re-evaluate your organization's security posture. That said, Microsoft has urged IT admins to have a look at two settings which are currently in preview. The rationale behind testing them now is that they will become enabled by default in a future update. The two configurations in question are as follows:

• Control whether TLS 1.3 Early Data is enabled in Microsoft Edge: TLS 1.3 Early Data is a performance feature that sends HTTPS requests in parallel with the TLS 1.3 handshake. This boosts performance at a network level in secure connections, but the Redmond tech firm has requested IT admins to test it to identify any potential compatibility issues.
• Specifies whether to block requests from public websites to devices on a user's local network: This policy improves your organizations cybersecurity posture as it blocks lateral traversal and data exposure due to malicious websites interacting with your internal resources like printers and APIs. Microsoft has asked IT admins to test this setting as well in order to verify that legitimate requests from the public internet are not blocked. You may also notice that a label in the associated setting indicate that this feature is deprecated, but this is a human error and will be resolved in a future update.

In totality, Microsoft has introduced six new policies in Edge 138. They are described briefly below:

• TLS13EarlyDataEnabled: Detailed above
• LocalNetworkAccessRestrictionsEnabled: Detailed above
• BuiltInAIAPIsEnabled: Allows webpages to utilize built-in AI APIs
• EdgeHistoryAISearchEnabled: Vet access to the AI-powered history search capabilities
• PrefetchWithServiceWorkerEnabled: Enable SpeculationRules prefetch for ServiceWorker-controlled URLs
• EdgeOpenExternalLinksWithPrimaryWorkProfileEnabled: When opening default links, use the Primary Work Profile as the default

You can find additional details in the associated support document here.

Source

Hope you enjoyed this news post.

Thank you for appreciating my time and effort posting news every day for many years.

News posts... 2023: 5,800+ | 2024: 5,700+ | 2025 (till end of May): 2,377

RIP Matrix | Farewell my friend