Details
This setting specifies what HTTP authentication methods are supported.
The recommended setting is Enabled: digest, ntlm, negotiate.
Rationale:
Basic authentication is the least secure method of authenticating as it sends username and password information in un-encrypted form which should never be done for security reasons.
Impact:
Any sites that utilizes Basic Authentication will be impacted. Sites will need to be reconfigured to support a more secure form of authentication.
Solution
To establish the recommended configuration via GP, set the following UI path to Enabled: digest, ntlm, negotiate’
Computer ConfigurationPoliciesAdministrative TemplatesMicrosoft EdgeHTTP authenticationSupported authentication schemes
Note: This Group Policy path may not exist by default. It is provided by the Group Policy template MSEdge.admx/adml that can be downloaded from Microsoft here.
Default Value:
Enabled – The following schemes will be used: basic, digest, ntlm, and negotiate.
Supportive Information
The following resource is also helpful.
This security hardening control applies to the following category of controls within NIST 800-53: Identification and Authentication.This control applies to the following type of system Windows.