Microsoft Edge: v.140 - HTTPS First Mode

🚨 The Signal: Microsoft Edge now automatically upgrades HTTP connections to more secure HTTPS, warning users if a site doesn't support it. This enhances browser security by reducing exposure to unencrypted traffic.

The Impact

All Edge users are affected: the change strengthens browsing security by reducing risks from unencrypted web traffic.

  • End users: Safer browsing with automatic HTTPS upgrades.
  • End users: May see warnings for insecure websites.
  • Security teams: Reduced risk of data interception for web traffic.
  • Admins: New policy to enforce secure browsing behaviour.

The Action

  1. Review the HttpsOnlyMode policy documentation for Microsoft Edge.
  2. Evaluate deploying the HttpsOnlyMode policy via Group Policy or Intune to enforce HTTPS-First Mode on managed devices.
  3. Communicate to end users about potential HTTPS-First warnings for legacy sites.
  4. Monitor user feedback regarding website compatibility post-policy deployment.

Domain: M365-Apps · Impact: medium · Workload: M365 Apps · Essential Eight: User Application Hardening · ISM: ISM-1412, ISM-1485, ISM-1486, ISM-1542, ISM-1585, ISM-1667, ISM-1668, ISM-1669, ISM-1670, ISM-1823, ISM-1824, ISM-1859, ISM-1860