Microsoft Edge: v.146 - Desktop Visual Search

🚨 The Signal: Microsoft Edge now includes Desktop Visual Search, allowing users to send images to Bing for analysis. This introduces a new vector for data exfiltration and potential exposure of sensitive information through image processing.

The Impact

All users are affected by a new data exfiltration risk through image processing, potentially exposing sensitive organisational data.

  • End users: Risk of inadvertently uploading sensitive images to Bing.
  • Security teams: Increased surface area for data exfiltration and compliance monitoring.
  • Admins: A new policy to manage in order to mitigate data leakage risks.
  • Organisations: Potential exposure of confidential information via image analysis.

The Action

  1. Review and implement the 'VisualSearchEnabled' policy to disable or control the feature: Edge Admin Template (ADMX) > Microsoft Edge > 'Enable Visual Search'.
  2. Communicate to end-users about the risks of uploading sensitive images via visual search features.
  3. Update data loss prevention (DLP) policies to monitor and restrict image uploads to external search services.
  4. Assess data residency requirements for image data processed by Bing Visual Search.
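
One way to verify step 1 on a Windows endpoint, as an added example that is not part of the original advisory. It assumes the 'VisualSearchEnabled' policy is delivered as a DWORD under the standard Edge policy key (SOFTWARE\Policies\Microsoft\Edge) and that the organisation's baseline is "disabled"; the function name Get-EdgeVisualSearchPolicy is hypothetical.

```powershell
# Added example: audit the Edge 'VisualSearchEnabled' policy on this endpoint.
# Assumptions: policy is a DWORD under SOFTWARE\Policies\Microsoft\Edge, and the
# organisation's baseline is "disabled" (value 0).
function Get-EdgeVisualSearchPolicy {   # hypothetical helper name
    [CmdletBinding()]
    param()

    $valueName = 'VisualSearchEnabled'

    # Machine hive is listed first so that it wins when both hives are set
    # (assumed precedence: machine policy over user policy).
    $sources = foreach ($hive in 'HKLM:', 'HKCU:') {
        $key  = Join-Path $hive 'SOFTWARE\Policies\Microsoft\Edge'
        $prop = Get-ItemProperty -LiteralPath $key -Name $valueName -ErrorAction SilentlyContinue
        $value = $null
        if ($null -ne $prop) { $value = $prop.$valueName }

        # Anything other than 0 or 1 is flagged rather than silently trusted.
        if     ($null -eq $value) { $state = 'NotConfigured' }
        elseif ($value -eq 0)     { $state = 'Disabled' }
        elseif ($value -eq 1)     { $state = 'Enabled' }
        else                      { $state = "Unexpected ($value)" }

        [pscustomobject]@{ Hive = $hive; Key = $key; Value = $value; State = $state }
    }

    # First hive that actually carries the value decides the effective state.
    $effective = $sources | Where-Object { $_.State -ne 'NotConfigured' } | Select-Object -First 1
    $effectiveState  = 'NotConfigured'
    $effectiveSource = $null
    if ($effective) {
        $effectiveState  = $effective.State
        $effectiveSource = $effective.Hive
    }

    [pscustomobject]@{
        Computer        = $env:COMPUTERNAME
        EffectiveState  = $effectiveState
        EffectiveSource = $effectiveSource
        Compliant       = ($effectiveState -eq 'Disabled')   # baseline assumption
        Sources         = $sources
    }
}

# Report for this machine; 'NotConfigured' means no policy is enforcing a setting.
Get-EdgeVisualSearchPolicy | Format-List Computer, EffectiveState, EffectiveSource, Compliant
```

A result of 'NotConfigured' or 'Enabled' on a managed device indicates the ADMX setting from step 1 has not reached that endpoint.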

Domain: M365-Apps · Impact: high · Workload: M365 Apps · Essential Eight: User Application Hardening · ISM: ISM-1412, ISM-1485, ISM-1486, ISM-1542, ISM-1585, ISM-1667, ISM-1668, ISM-1669, ISM-1670, ISM-1823, ISM-1824, ISM-1859, ISM-1860