Microsoft Edge's Enhanced Security Mode explained

Martin Brinkmann
Jul 29, 2022
Microsoft Edge
|
17

Microsoft Edge's Enhanced Security Mode is an optional security feature of Microsoft's web browser that is designed to improve protection against attacks on the Internet.

microsoft edge enhanced security mode

Called Super Super Secure Mode during its experimental testing phase, Enhanced Security Mode blocks access to the Just In Time compiler; this reduces the attack surface and makes it more difficult to use exploits according to Microsoft.

When enabled, Enhanced Security Mode enables additional protections provided by the operating system, such as Hardware Enforced Stack Protection, Arbitrary Code Guard, and Control Flow Guard.

ADVERTISEMENT

Note: WebAssembly is not supported right now. Sites that use it need to be added to the exceptions list to make sure they work in Edge after enabling the security mode.

Configuring Enhanced Security Mode

microsoft edge enhance security

Enhanced Security Mode is disabled by default. Edge users may configure the security feature in the following way:

  1. Load edge://settings/privacy in the browser's address bar; this opens the Privacy, search and services options of Edge.
  2. Scroll down until you find "Enhance your security on the web".
  3. Enable the toggle to turn the feature on.

Note: Enhanced Security Mode is available on Windows and Mac operating systems only.

The security feature has two different levels that you may select:

  • Basic (Edge Dev only) -- Enables Enhanced Security Mode for "less visited sites" only.
  • Balanced -- The default level when Enhanced Security Mode is enabled. It uses security mitigations on all sites that are not visited frequently.
  • Strict -- Improves security further by enabling the enhanced protections on all sites.

Strict mode offers protections on all sites, but it may lead to more site breakage according to Microsoft.

microsoft edge enhanced-security mode exceptions

You can disable the security mode on specific sites by selecting Exceptions in Edge Stable (in Edge Dev, it is called manage enhanced security for sites).

Microsoft is testing a new option to always use enhanced security for sites in Edge Dev currently. Exceptions are useful, for example, when a site's functionality is broken if the mode is enabled.

Administrators may use a policy to configure the security feature in the Edge browser.

Manage Enhanced Security

microsoft edge-manage enhanced security

Microsoft Edge displays "Added security" in the browser's address bar if Enhanced Security Mode is enabled on a site.

A click on the icon and the selection of "Enhance security for this site" displays an option to turn the feature off on the site and to open the preferences to adjust them in the browser.

Now You: How useful is Edge's Enhanced Security Mode feature?

Summary
Microsoft Edge's Enhanced Security Mode explained
Article Name
Microsoft Edge's Enhanced Security Mode explained
Description
Microsoft Edge's Enhanced Security Mode is an optional security feature of Microsoft's web browser that is designed to improve protection against attacks on the Internet.
Author
Publisher
Ghacks Technology News
Logo
Advertisement

Previous Post: «

Comments

  1. ServiceDeskUntiliDie said on July 29, 2022 at 5:38 pm
    Reply

    Off-topic: does anyone know of a release note page for Edge such as what Firefox, Chrome and Apple maintain? A page that shows the version numbers and their release date?
    All I can find is a general audience blog that breathlessly expounds on all the new features (that none of seem to actually want lol).

      1. ServiceDeskUntiliDie said on August 1, 2022 at 5:53 pm
        Reply

        Cheers!

  2. Tony said on July 30, 2022 at 4:05 am
    Reply

    > Microsoft Edge displays “Added security” in the browser’s address bar if Enhanced Security Mode is enabled on a site.

    I know it is ridiculously, but that was the reason why I stopped using the enhanced security mode. It just really annoyed me this see this huge label taking up space. There are all kinds of security features enabled and running in the background, not only in the browser, but also in the OS. There is simply zero need for any of them (besides the SSL icon) to display a huge marketing message alerting us to that these security features are running.

    And this “Added security” banner is completely useless. When you click it it provides zero information about what kind of security that has been added.

    What is the next step? That Windows Defender starts to display a huge banner in the task bar displaying all the various ways it helps protect your computer.

    The “Added security” could easily be replaced with e.g. a symbol on top of the SSL icon.

    Some of us do care about minimal UI and having a huge irrelevant banner conflict with this.

    /rant over

    1. Martin Brinkmann said on July 31, 2022 at 7:55 am
      Reply

      Agreed, it is large and Microsoft could replace it easily with an icon. Maybe even display “added security” for a moment before collapsing it into an icon.

  3. Fred said on July 30, 2022 at 4:55 am
    Reply

    I distrust MS to such a degree that I completely uninstalled Edge. I also uninstall most of the MS pre-installed apps.
    My devices are lean and mean speedy fighting machines without the MS spyware.

    1. Frankel said on July 30, 2022 at 4:00 pm
      Reply

      That’s right, don’t send it to Microsoft. Your data is safe with Google!

      1. Peter said on August 1, 2022 at 12:51 am
        Reply

        @Frankel
        The funny thing is that our data are safer with Google than Microsoft. The last years the leaks of data from Google are minimal. Microsoft had more than 6 leaks of data the last year lol.
        Anything but Microsoft is safer and more secure. The most redicilous leak of all was the leak of sensitive data of users of Microsoft’s Bing search engine mobile application and the leak of the source code of Bing and Cortana.

      2. Metin said on August 4, 2022 at 12:11 am
        Reply

        That is not true. Most data leaks including yours wasn’t about users and very minimal. Microsoft didn’t have any leak that revealed user information last year. If we would l include all, Google would have more user based leaks compared to Microsoft. Don’t forget about Google is ads based company unlike Microsoft. So not just they collect more data about you but also your data most likely more spread among the advertisers on Google. Which creates even larger attack vector. Even Google didn’t have a direct leak, hacking those advertisers would be enough to leak valuable information about you

    2. Raj said on August 1, 2022 at 5:01 pm
      Reply

      I prefer Microsoft. Google is pretty devious in its attempts to hold your data. And it would not allow you to use ad blockers in its products despite getting your data. Microsoft has been making great products lately and gets my vote.

  4. LTMTechGuy said on July 30, 2022 at 7:39 am
    Reply

    This will offer superior “security” automatically rather than Chrome or Firefox by default from the perspective of a normal user?

    1. Anonymous said on July 31, 2022 at 5:35 am
      Reply

      Yes, the added protection is less likely to break a website.

    2. Lukasz said on July 31, 2022 at 7:10 am
      Reply

      It’s not enabled by default but yes, it provides much better security

      By disabling JIT JavaScript code is just much simpler to analyze and block malicious parts. Downside: possible lower performance but according to developers tests, in real usages is not visible in any way / may even help

  5. TelV said on August 1, 2022 at 10:48 am
    Reply

    I wonder what will happen when Windows 8.1 extended support terminates on Jan 10 next year and Edge has been installed on that OS to replace IE.

    It’ll probably switch to Super Super Insecure Mode. :D

  6. Charlie said on August 2, 2022 at 2:15 pm
    Reply

    Has anyone noticed that it blocks too many site/pages/items?

  7. Metin said on August 4, 2022 at 12:05 am
    Reply

    It is not a marketing text lol. Because it can break sites. When this feature first announced it didn’t have this text and I forgot about this feature exist. There was tons of websites which were breaking including WhatsApp web and I was going crazy because I had no idea what was causing these problems. If this text existed back then it would be way easier to for me to find a solution because it took me weeks to find out that setting caused the problems because it was new and there wasn’t much articles about it either

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

We love comments and welcome thoughtful and civilized discussion. Rudeness and personal attacks will not be tolerated. Please stay on-topic.
Please note that your comment may not appear immediately after you post it.