Details

If you enable this policy or leave it unset Basic authentication challenges received over non-secure HTTP will be allowed.

If you disable this policy non-secure HTTP requests from the Basic authentication scheme are blocked and only secure HTTPS is allowed.

Solution

Policy Path: Microsoft EdgeHTTP authentication
Policy Setting Name: Allow Basic authentication for HTTP

Supportive Information

The following resource is also helpful.

• https://techcommunity.microsoft.com/t5/microsoft-security-baselines/security-baseline-for-microsoft-edge-version-88/ba-p/2094443

This security hardening control applies to the following category of controls within NIST 800-53: Identification and Authentication.This control applies to the following type of system Windows.

References

• 800-53|IA-5(6)

Source

• Tenable.com/audits