Microsoft Edge: v.139 - New Autofill Personal Information Settings Configuration

🚨 The Signal: Microsoft Edge will now ask users for consent to collect web form field labels to improve autofill accuracy. This feature, controlled by existing Autofill policies, does not collect user-entered data but impacts data privacy posture.

The Impact

End-users and security teams are affected by new data collection consent, posing a minor privacy risk.

• End-users: New consent prompt for form label collection.
• Security Teams: Review privacy policies for data collection.
• Privacy Officers: Assess consent mechanism against regulations.

The Action

1. Review existing Microsoft Edge Autofill policies (e.g., AutofillAddressEnabled, AutofillMLEnabled) via Group Policy or Intune.
2. Consider disabling AutofillMLEnabled if form label collection is not desired for privacy reasons.
3. Communicate the new consent prompt to end-users and provide guidance.
4. Update internal privacy documentation to reflect this new data collection consent.

Domain: M365-Apps · Impact: medium · Workload: M365 Apps · Essential Eight: User Application Hardening · ISM: ISM-1412, ISM-1485, ISM-1486, ISM-1542, ISM-1585, ISM-1667, ISM-1668, ISM-1669, ISM-1670, ISM-1823, ISM-1824, ISM-1859, ISM-1860