Details

If you enable this policy or leave it unset Basic authentication challenges received over non-secure HTTP will be allowed.

If you disable this policy non-secure HTTP requests from the Basic authentication scheme are blocked and only secure HTTPS is allowed.

This policy setting is ignored (and Basic is always forbidden) if the ‘AuthSchemes’ (Supported authentication schemes) policy is set and does not include Basic.

Solution

Policy Path: Microsoft EdgeHTTP authentication
Policy Setting Name: Allow Basic authentication for HTTP

Supportive Information

The following resource is also helpful.

• https://techcommunity.microsoft.com/t5/microsoft-security-baselines/security-baseline-for-microsoft-edge-v96/ba-p/2997665

This security hardening control applies to the following category of controls within NIST 800-53: Identification and Authentication.This control applies to the following type of system Windows.

References

• 800-53|IA-5(6)

Source

• Tenable.com/audits