| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| SCHR-P3-DP-001 | 164.231.170.44 | 2026-03-12 | |||
Finding DetailsEvaluate-STIG 1.2601.0 (Scan-MicrosoftEdge_Checks) found this to be OPEN on 03/05/2026 ResultHash: EC0EC4B4146EC68BE0B5FF96A0FCCA30E8EF2031 ~~~~~ Improper configuration detected. Refer to https://docs.microsoft.com/en-us/deployedge/microsoft-edge-policies#proxysettings Registry Path: HKLM:\SOFTWARE\Policies\Microsoft\Edge Value Name: ProxySettings Value: ADD YOUR PROXY CONFIGURATIONS HERE Type: REG_SZ Proper configuration of this setting requires that it be enclosed in { } brackets. Comments |
|||||
Check Text
The policy value for "Computer Configuration/Administrative Templates/Microsoft Edge/Proxy server/Proxy Settings" must be "Enabled", and have a "Proxy Settings" value defined for "ProxyMode". "ProxyMode" must be defined and set to one of the following: "direct", "system", "auto_detect", "fixed_servers", or "pac_script". Consult Microsoft documentation for proper configuration of the text string required to define the "Proxy Settings" value. Example: {"ProxyMode": "fixed_servers", "ProxyServer": "123.123.123.123:8080"} Values for "ProxyPacUrl", "ProxyServer", or "ProxyBypassList" are optional. Use the Windows Registry Editor to navigate to the following key: HKLM\SOFTWARE\Policies\Microsoft\Edge If the REG_SZ value for "ProxySettings" does not have "ProxyMode" configured, this is a finding.
Fix Text
Set the policy value for "Computer Configuration/Administrative Templates/Microsoft Edge/Proxy server/Proxy Settings" to "Enabled" and define a value for "ProxyMode". "ProxyMode" must be defined and set to one of the following: "direct", "system", "auto_detect", "fixed_servers", or "pac_script". Consult Microsoft documentation for proper configuration of the text string required to define the "Proxy Settings" value. Example: {"ProxyMode": "fixed_servers", "ProxyServer": "127.0.0.1:8080"} "ProxyPacUrl", "ProxyServer", or "ProxyBypassList" are optional.
| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| SCHR-P3-DP-001 | 164.231.170.44 | 2026-03-12 | |||
Finding DetailsEvaluate-STIG 1.2601.0 (Scan-MicrosoftEdge_Checks) found this to be NOT A FINDING on 03/05/2026 ResultHash: 252F745C52C3FE26367A884C0FFF075A7D5765B7 ~~~~~ 'Configure the list of domains for which Microsoft Defender SmartScreen won't trigger warnings' is Not Configured in Group Policy which is acceptable per the STIG. Comments |
|||||
Check Text
If this machine is on SIPRNet, this is Not Applicable. This requirement for "SmartScreenAllowListDomains" is not required; this is optional. The policy value for "Computer Configuration/Administrative Templates/Microsoft Edge/SmartScreen settings/Configure the list of domains for which Microsoft Defender SmartScreen won't trigger warnings" may be set to "allow" for allowlisted domains. Use the Windows Registry Editor to navigate to the following key: HKLM\SOFTWARE\Policies\Microsoft\Edge SmartScreenAllowListDomains may be set as follows: HKLM\SOFTWARE\Policies\Microsoft\Edge\SmartScreenAllowListDomains\1 = mydomain.com HKLM\SOFTWARE\Policies\Microsoft\Edge\SmartScreenAllowListDomains\2 = myagency.mil If configured, the list of domains for which Microsoft Defender SmartScreen will not trigger warnings may be allowlisted.
Fix Text
The policy value for "Computer Configuration/Administrative Templates/Microsoft Edge/SmartScreen settings/Configure the list of domains for which Microsoft Defender SmartScreen will not trigger warnings" may be set to "allow" for allowlisted domains.
| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| SCHR-P3-DP-001 | 164.231.170.44 | 2026-03-12 | |||
Finding DetailsEvaluate-STIG 1.2601.0 (Scan-MicrosoftEdge_Checks) found this to be NOT A FINDING on 03/05/2026 ResultHash: 8FC1BA97C73E26DF2F4FFBFA42EEF58E3174020A ~~~~~ 'Disable synchronization of data using Microsoft sync services' is Enabled Registry Path: HKLM:\SOFTWARE\Policies\Microsoft\Edge Value Name: SyncDisabled Value: 0x00000001 (1) Type: REG_DWORD Comments |
|||||
Check Text
The policy value for "Computer Configuration/Administrative Templates/Microsoft Edge/Disable synchronization of data using Microsoft sync services" must be set to "Enabled". Use the Windows Registry Editor to navigate to the following key: HKLM\SOFTWARE\Policies\Microsoft\Edge If the value for "SyncDisabled" is not set to "REG_DWORD = 1", this is a finding.
Fix Text
Set the policy value for "Computer Configuration/Administrative Templates/Microsoft Edge/Disable synchronization of data using Microsoft sync services" to "Enabled".
| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| SCHR-P3-DP-001 | 164.231.170.44 | 2026-03-12 | |||
Finding DetailsEvaluate-STIG 1.2601.0 (Scan-MicrosoftEdge_Checks) found this to be NOT A FINDING on 03/05/2026 ResultHash: 9C262364743C3FB68606CA959D2E3A2DCA16CB69 ~~~~~ 'Allow importing of browser settings' is Disabled Registry Path: HKLM:\SOFTWARE\Policies\Microsoft\Edge Value Name: ImportBrowserSettings Value: 0x00000000 (0) Type: REG_DWORD Comments |
|||||
Check Text
The policy value for "Computer Configuration/Administrative Templates/Microsoft Edge/Allow importing of browser settings" must be set to "disabled". Use the Windows Registry Editor to navigate to the following key: HKLM\SOFTWARE\Policies\Microsoft\Edge If the value for "ImportBrowserSettings" is not set to "REG_DWORD = 0", this is a finding.
Fix Text
Set the policy value for "Computer Configuration/Administrative Templates/Microsoft Edge/Allow importing of browser settings" to "disabled".
| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| SCHR-P3-DP-001 | 164.231.170.44 | 2026-03-12 | |||
Finding DetailsEvaluate-STIG 1.2601.0 (Scan-MicrosoftEdge_Checks) found this to be NOT A FINDING on 03/05/2026 ResultHash: D0C011C3620DE26B3AC5D2A94FE6AC62E823B8E6 ~~~~~ 'Computer Configuration/Administrative Templates/Microsoft Edge/Control where developer tools can be used' is Enabled with 'Don't allow using the developer tools' Registry Path: HKLM:\SOFTWARE\Policies\Microsoft\Edge Value Name: DeveloperToolsAvailability Value: 0x00000002 (2) Type: REG_DWORD Comments |
|||||
Check Text
The policy value for "Computer Configuration/Administrative Templates/Microsoft Edge/Control where developer tools can be used" with the option value set to "Don't allow using the developer tools". Use the Windows Registry Editor to navigate to the following key: HKLM\SOFTWARE\Policies\Microsoft\Edge If the value for "DeveloperToolsAvailability" is not set to "REG_DWORD = 2", this is a finding.
Fix Text
Set the policy value for "Computer Configuration/Administrative Templates/Microsoft Edge/Control where developer tools can be used" to "enabled" and select "Don't allow using the developer tools".
| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| SCHR-P3-DP-001 | 164.231.170.44 | 2026-03-12 | |||
Finding DetailsEvaluate-STIG 1.2601.0 (Scan-MicrosoftEdge_Checks) found this to be NOT A FINDING on 03/05/2026 ResultHash: BE3D82589FDCADE0CBAA20C00C665847239339B7 ~~~~~ 'Allow download restrictions' is Enabled with (1)'BlockDangerousDownloads' or (2)'Block potentially dangerous or unwanted downloads' or (3)'Block all downloads' or (4) 'Block malicious downloads' Registry Path: HKLM:\SOFTWARE\Policies\Microsoft\Edge Value Name: DownloadRestrictions Value: 0x00000001 (1) Type: REG_DWORD Comments |
|||||
Check Text
If this machine is on SIPRNet, this is Not Applicable. The policy value for "Computer Configuration/Administrative Templates/Microsoft Edge/Allow download restrictions" must be set to "Enabled" with the option value set to "BlockDangerousDownloads", "Block potentially dangerous or unwanted downloads", or "BlockMaliciousDownloads". The more restrictive option, "Block all downloads", is also acceptable. Use the Windows Registry Editor to navigate to the following key: HKLM\SOFTWARE\Policies\Microsoft\Edge If the value for "DownloadRestrictions" is set to "REG_DWORD = 0", this is a finding.
Fix Text
Set the policy value for "Computer Configuration/Administrative Templates/Microsoft Edge/Allow download restrictions" to "Enabled" and select one of the following: "BlockDangerousDownloads", "Block potentially dangerous or unwanted downloads", "BlockAllDownloads", or "BlockMaliciousDownloads".
| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| SCHR-P3-DP-001 | 164.231.170.44 | 2026-03-12 | |||
Finding DetailsEvaluate-STIG 1.2601.0 (Scan-MicrosoftEdge_Checks) was unable to determine a Status but found the below configuration on 03/05/2026: ResultHash: F277020857C97BCB2CDBE776BF649532A4E75FC3 ~~~~~ 'Allow pop-up windows on specific sites' is Configured Allowed popups: =========================== [*.]mil [*.]gov Comments |
|||||
Check Text
This requirement for "Allow pop-up windows on specific sites" is not required; this is optional. The policy value for "Computer Configuration/Administrative Templates/Microsoft Edge/Content settings/Allow pop-up windows on specific sites" must be set to "Enabled". Use the Windows Registry Editor to navigate to the following key: HKLM\SOFTWARE\Policies\Microsoft\Edge "PopupsAllowedForUrls" must be set as follows: HKLM\SOFTWARE\Policies\Microsoft\Edge\PopupsAllowedForUrls\1 = mydomain.com HKLM\SOFTWARE\Policies\Microsoft\Edge\PopupsAllowedForUrls\2 = myagency.mil If configured, the list of domains for which Microsoft Edge allows pop-ups may be allowlisted.
Fix Text
Set the policy value for "Computer Configuration/Administrative Templates/Microsoft Edge/Content settings/Allow pop-up windows on specific sites" to "Enabled". A list of allowlisted URLs may be specified here.
| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| SCHR-P3-DP-001 | 164.231.170.44 | 2026-03-12 | |||
Finding DetailsEvaluate-STIG 1.2601.0 (Scan-MicrosoftEdge_Checks) found this to be NOT A FINDING on 03/05/2026 ResultHash: 74D93E07BB01C85E69D696BD1039ECC68270753C ~~~~~ 'Allow specific extensions to be installed' is Not Configured in Group Policy which is acceptable per the STIG. Registry Path: HKLM:\SOFTWARE\Policies\Microsoft\Edge\ExtensionInstallAllowlist Value Name: (Not found) Comments |
|||||
Check Text
This requirement for "Allow specific extensions to be installed" is not required; this is optional. The policy value for "Computer Configuration/Administrative Templates/Microsoft Edge/Extensions/Allow specific extensions to be installed" must be set to "Enabled". Use the Windows Registry Editor to navigate to the following key: HKLM\SOFTWARE\Policies\Microsoft\Edge "ExtensionInstallAllowlist" must be set as follows: HKLM\SOFTWARE\Policies\Microsoft\Edge\ExtensionInstallAllowlist\1 = "extension_id1" HKLM\SOFTWARE\Policies\Microsoft\Edge\ExtensionInstallAllowlist\2 = "extension_id2" If configured, the list of extensions for which Microsoft Edge allows to be installed may be allowlisted.
Fix Text
Set the policy value for "Computer Configuration/Administrative Templates/Microsoft Edge/Extensions/Allow specific extensions to be installed" to "Enabled". A list of allowlisted extensions may then be specified.
| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| SCHR-P3-DP-001 | 164.231.170.44 | 2026-03-12 | |||
Finding DetailsEvaluate-STIG 1.2601.0 (Scan-MicrosoftEdge_Checks) found this to be NOT A FINDING on 03/05/2026 ResultHash: 83E6551EBCA0DB90D3E94FCB2E45DB4FB4E84AAB ~~~~~ 'Ask where to save downloaded files' is Enabled Registry Path: HKLM:\SOFTWARE\Policies\Microsoft\Edge Value Name: PromptForDownloadLocation Value: 0x00000001 (1) Type: REG_DWORD Comments |
|||||
Check Text
The policy value for "Computer Configuration/Administrative Templates/Microsoft Edge/Ask where to save downloaded files" must be set to "enabled". Use the Windows Registry Editor to navigate to the following key: HKLM\SOFTWARE\Policies\Microsoft\Edge If the value for "PromptForDownloadLocation" is not set to "REG_DWORD = 1", this is a finding.
Fix Text
Set the policy value for "Computer Configuration/Administrative Templates/Microsoft Edge/Ask where to save downloaded files" to "enabled".
| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| SCHR-P3-DP-001 | 164.231.170.44 | 2026-03-12 | |||
Finding DetailsEvaluate-STIG 1.2601.0 (Scan-MicrosoftEdge_Checks) found this to be NOT A FINDING on 03/05/2026 ResultHash: 53EFE8294F1A016100A439E68BDC4A955D8F191C ~~~~~ 'Allow media autoplay on specific sites' is Configured Allowed sites: =========================== Comments |
|||||
Check Text
If this machine is on SIPRNet, this is Not Applicable. This requirement for "AutoplayAllowlist" is not required; this is optional. The policy value for "Computer Configuration/Administrative Templates/Microsoft Edge/Allow media autoplay on specific sites" may be set to "allow" for allowlisted domains. Use the Windows Registry Editor to navigate to the following key: HKLM\SOFTWARE\Policies\Microsoft\Edge AutoplayAllowlist may be set as follows: HKLM\SOFTWARE\Policies\Microsoft\Edge\AutoplayAllowlist\1 = mydomain.com HKLM\SOFTWARE\Policies\Microsoft\Edge\AutoplayAllowlist\2 = myagency.mil If configured, the list of domains for which autoplay is allowed may be allowlisted.
Fix Text
The policy value for "Computer Configuration/Administrative Templates/Microsoft Edge/Allow media autoplay on specific sites" may be set to "allow" for allowlisted domains.