🎯 Purpose
✅ Enforce Essential Eight – User Application Hardening for Microsoft Edge on macOS.
➡️ Establishes a secure browser baseline by reducing exposure to phishing, malware, and browser‑based exploitation as part of IBP (Initial Baseline Protections).
👥 Who is affected
✅ Devices: All macOS devices
🚫 Exclusions: None
➡️ Users must browse using a hardened Microsoft Edge configuration.
☁️ What access is protected
✅ Application: Microsoft Edge
✅ Platform: macOS
➡️ Web access is protected through browser‑level security controls.
🔐 How hardening is enforced
✅ Malicious and intrusive content is blocked
✅ Unsafe downloads are restricted
✅ Microsoft SmartScreen protections are enforced
✅ Pop‑ups and developer tools are disabled
✅ DNS integrity and interception checks are enabled
➡️ Users are prevented from bypassing key security warnings and protections.
ℹ️ Note:
DNS‑over‑HTTPS is intentionally left in a neutral state at IBP level and can be enforced at higher Essential Eight maturity levels.
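The controls above can be audited against a device's managed Edge preferences. The following is an added example, not part of the original policy or an export of the Intune profile: the mapping from each control to a Microsoft Edge policy key, and the expected values, are assumptions made for illustration, and the sample payload is constructed.

```python
import plistlib

# Assumed mapping of the controls listed above to Microsoft Edge policy keys.
# Expected values are illustrative assumptions, not exported from the profile.
EXPECTED = {
    "SmartScreenEnabled": True,                        # SmartScreen enforced
    "PreventSmartScreenPromptOverride": True,          # no bypass of site warnings
    "PreventSmartScreenPromptOverrideForFiles": True,  # no bypass of download warnings
    "DownloadRestrictions": 1,                         # block malicious/dangerous downloads
    "DefaultPopupsSetting": 2,                         # 2 = block pop-ups
    "DeveloperToolsAvailability": 2,                   # 2 = developer tools disallowed
    "AdsSettingForIntrusiveAdsSites": 2,               # 2 = block intrusive ads
    "DnsInterceptionChecksEnabled": True,              # DNS interception checks on
}
# Left neutral at IBP level per the note above: the key should be absent.
NEUTRAL = ("DnsOverHttpsMode",)

def audit(plist_bytes):
    """Return a sorted list of (key, problem) deviations from the baseline."""
    prefs = plistlib.loads(plist_bytes)
    findings = []
    for key, want in EXPECTED.items():
        if key not in prefs:
            findings.append((key, "not configured"))
        # Compare types too, so an integer 1 does not pass for boolean true.
        elif type(prefs[key]) is not type(want) or prefs[key] != want:
            findings.append((key, f"is {prefs[key]!r}, expected {want!r}"))
    for key in NEUTRAL:
        if key in prefs:
            findings.append((key, f"set to {prefs[key]!r}, expected unset"))
    return sorted(findings)

# Constructed sample payload (not a real device export): pop-ups allowed,
# developer tools key missing, DoH forced on.
SAMPLE = plistlib.dumps({
    "SmartScreenEnabled": True,
    "PreventSmartScreenPromptOverride": True,
    "PreventSmartScreenPromptOverrideForFiles": True,
    "DownloadRestrictions": 1,
    "DefaultPopupsSetting": 1,
    "AdsSettingForIntrusiveAdsSites": 2,
    "DnsInterceptionChecksEnabled": True,
    "DnsOverHttpsMode": "secure",
})

if __name__ == "__main__":
    for key, problem in audit(SAMPLE):
        print(f"DEVIATION {key}: {problem}")
```

On a managed Mac the applied settings are normally found in `/Library/Managed Preferences/com.microsoft.Edge.plist`; pass that file's bytes to `audit()` in place of the sample.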
⚙️ What this policy does NOT enforce
🚫 Device compliance requirements
🚫 Authentication controls
🚫 OS‑level security settings
🚫 Network or firewall rules
➡️ This policy focuses solely on browser hardening.
🟢 Policy status
✅ Enabled
✅ Enforced via Intune configuration profile
📘 Essential Eight Alignment
✅ Supports User Application Hardening
✅ Reduces browser‑based attack surface
✅ Protects against phishing, malware, and exploit techniques
ℹ️ Additional restrictions may be introduced at Maturity Levels 2–3
📘 Practical Interpretation (Executive‑Friendly)
This policy ensures that:
✅ Web browsing is protected by built‑in security controls
✅ Users cannot bypass critical browser warnings
✅ A common attack vector is significantly reduced
This establishes a secure browser baseline aligned to Essential Eight and supports future security maturity uplift.



