Details

DEPRECATED: This policy is deprecated. It is currently supported but will become obsolete in a future release.

This policy is deprecated because it’s intended to be a short-term mechanism to give enterprises more time to update their web content when it’s found to be incompatible with the change to remove the U2F Security Key API. It won’t work in Microsoft Edge version 104.If you enable this policy the deprecated U2F Security Key API can be used and the deprecation reminder prompt shown for U2F API requests is suppressed.

If you disable this policy or don’t configure it the U2F Security Key API is disabled by default and can only be used by sites that register for and use the U2FSecurityKeyAPI origin trial which ends in Microsoft Edge version 104.

Solution

Policy Path: Microsoft Edge
Policy Setting Name: Allow using the deprecated U2F Security Key API (deprecated)

Supportive Information

The following resource is also helpful.

• https://techcommunity.microsoft.com/t5/microsoft-security-baselines/security-baseline-for-microsoft-edge-v99/ba-p/3249241

This security hardening control applies to the following category of controls within NIST 800-53: Identification and Authentication.This control applies to the following type of system Windows.

References

• 800-53|IA-2

Source

• Tenable.com/audits