Microsoft Edge Security Baseline: Unable to get login prompt / authorization required

Issue

So we implemented the Microsoft Edge Security baseline using MEM a while ago. Today I received a question from some users being unable to access a website that requires a sign-in. The only obvious error message received was “Authorization Required” but the login/sign-in prompt never appeared.

Troubleshooting

I was able to reproduce the issue from my test device and started to do some digging. When visiting the page I got directly to “Authorization Required” and never got to see the sign-in prompt. In the developer tools (F12) I found that I received “401 Unauthorized” meaning that I was unable to sign in successfully.

Developer tools (F12):


After doing some further investigation I found that it was trying to run a basic authentication scheme and I know that we block that with the MS Edge security baseline.
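One way to confirm this diagnosis from the 401 response, as an added example that is not part of the original post: the script parses the WWW-Authenticate header value(s) seen in the developer tools and compares the offered schemes with a comma-separated list of allowed schemes (the form Edge's AuthSchemes policy uses). The header and policy values are constructed samples, and the function names are hypothetical.

```python
import re

# Quoted strings are blanked out so commas inside realm="..." are not split on.
_QUOTED = re.compile(r'"(?:[^"\\]|\\.)*"')
# An auth-param ("realm=...") rather than a scheme name starting a new challenge.
_PARAM = re.compile(r"^[^\s=]+\s*=")


def offered_schemes(header_values):
    """Return lower-cased scheme names from WWW-Authenticate values, in order."""
    schemes = []
    for value in header_values:
        for part in _QUOTED.sub('""', value).split(","):
            part = part.strip()
            if not part or _PARAM.match(part):
                continue  # empty element, or a parameter of the previous challenge
            scheme = part.split()[0].lower()
            if scheme not in schemes:
                schemes.append(scheme)
    return schemes


def diagnose(header_values, allowed_policy):
    """Compare what the server offers with what the browser policy allows."""
    allowed = [s.strip().lower() for s in allowed_policy.split(",") if s.strip()]
    offered = offered_schemes(header_values)
    usable = [s for s in offered if s in allowed]
    # With no usable scheme the browser has nothing to answer the challenge with,
    # so the 401 page is shown and no sign-in prompt appears.
    return {"offered": offered, "allowed": allowed, "usable": usable,
            "can_authenticate": bool(usable)}


if __name__ == "__main__":
    # Constructed sample header, as it would appear on the 401 response in F12.
    basic_only = ['Basic realm="Intranet, staff only", charset="UTF-8"']
    # Constructed policy values: one without "basic", one with it added.
    print(diagnose(basic_only, "ntlm,negotiate"))
    print(diagnose(basic_only, "ntlm,negotiate,basic"))
```

If `usable` is empty while `offered` contains `basic`, the site depends on the scheme the baseline blocks, which matches the behaviour described above.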

Resolution

This resolution will change the MS Edge security baseline and I recommend that you assign this to users with this specific need only. Read the whole resolution before you start.

  1. Visit the MEM-portal
  2. Click: “Endpoint security”
  3. Click: “Security baselines”
  4. Click: “Microsoft Edge Baseline”
  5. Click: “Properties”
  6. Configuration settings: “Edit”

  7. Edit “Supported authentication schemes” and check “Basic”
    Note: This setting is not enabled by default due to security reasons. I do not recommend that you change this for all users.

  8. After saving and assigning the policy to just the users with this specific need I was able to resolve the issue (sorry for Swedish)! =)

Conclusion

The MS Edge security baseline will block basic authentication to all sites. It is always recommended to ask your developers to change to a more secure scheme, but if that is not possible you may allow basic auth temporarily.
