So we implemented the Microsoft Edge Security baseline using MEM a while ago. Today I received a question from some users who were unable to access a website that requires a sign-in. The only obvious error message received was “Authorization Required” but the login/sign-in prompt never appeared.
I was able to reproduce the issue from my test device and started to do some digging. When visiting the page I got directly to “Authorization Required” and never got to see the sign-in prompt. In the developer tools (F12) I found that I received “401 Unauthorized” meaning that I was unable to sign in successfully.
Developer tools (F12):
After doing some further investigation I found that it was trying to run a basic authentication scheme and I know that we block that with the MS Edge security baseline.
This resolution will change the MS Edge security baseline and I recommend that you assign this to users with this specific need only. Read the whole resolution before you start.
- Visit the MEM-portal
- Click: “Endpoint security”
- Click: “Security baselines”
- Click: “Microsoft Edge Baseline”
- Click: “Properties”
- Configuration settings “Edit”
- Edit “Supported authentication schemes” and check “Basic”
Note: This setting is not enabled by default due to security reasons. I do not recommend that you change this for all users.
- After saving and assigning the policy to just the users with this specific need I was able to resolve the issue (sorry for Swedish)! =)
The MS Edge security baseline will block basic authentication to all sites. It is always recommended to ask your developers to change to a more secure scheme, but if that is not possible you may allow basic auth temporarily.
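To confirm this diagnosis before changing the baseline for anyone, compare the schemes the site offers in its 401 response with the schemes the policy allows. The sketch below is an added example, not part of the original post: it parses `WWW-Authenticate` header values copied from the F12 network tab and assumes the policy is given as a comma-separated list of scheme names; the function names, headers and policy strings are constructed for illustration.

```python
import re

# Split a header value on commas that are not inside a quoted-string,
# so realm="Intranet, staging" stays in one piece.
_PIECE = re.compile(r'(?:[^,"]|"(?:\\.|[^"\\])*")+')
# A piece starting with token "=" is a parameter of the previous challenge.
_PARAM = re.compile(r"^[!#$%&'*+.^_`|~0-9A-Za-z-]+\s*=")


def offered_schemes(www_authenticate_values):
    """Return the lower-cased schemes offered in the WWW-Authenticate values."""
    schemes = []
    for value in www_authenticate_values:
        for piece in _PIECE.findall(value):
            piece = piece.strip()
            if not piece or _PARAM.match(piece):
                continue  # empty list element or key=value parameter
            scheme = piece.split(None, 1)[0].lower()
            if scheme not in schemes:
                schemes.append(scheme)
    return schemes


def diagnose(www_authenticate_values, policy_schemes):
    """Compare what the server offers with what the browser policy allows."""
    allowed = {s.strip().lower() for s in policy_schemes.split(",") if s.strip()}
    offered = offered_schemes(www_authenticate_values)
    usable = [s for s in offered if s in allowed]
    return {
        "offered": offered,
        "usable": usable,
        # True reproduces the symptom: a 401 with no sign-in prompt.
        "blocked_by_policy": bool(offered) and not usable,
    }


if __name__ == "__main__":
    # Constructed sample inputs, not taken from the affected site.
    basic_only = ['Basic realm="Intranet, staging"']
    mixed = ["Negotiate, NTLM", 'Basic realm="app", charset="UTF-8"']
    print(diagnose(basic_only, "ntlm,negotiate"))
    print(diagnose(basic_only, "basic,ntlm,negotiate"))
    print(diagnose(mixed, "ntlm,negotiate"))
```

If `blocked_by_policy` is true only because the site offers nothing but Basic, the exception is needed for that site's users; if the site also offers Negotiate or NTLM, the cause lies elsewhere and the baseline can stay as it is.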