Microsoft Edge Security and Privacy

Microsoft Edge offers a comprehensive set of integrated security and privacy protection features that can help keep you safe online.

Many of these features work in the background and don’t require any configuration or oversight. For example, a technology called Microsoft Defender SmartScreen provides reputation-based protection against malware, phishing attacks, malicious advertising, and potentially unwanted applications.

But there are other Edge security and privacy features that are disabled by default or should be configured differently than Microsoft’s defaults. And these are the features we focus on in this chapter.

Examine the security and privacy features in Microsoft Edge

The front-end for Microsoft Edge’s security and privacy features can be found in Edge settings under Privacy, search, and services. (Or, just navigate to edge://settings/privacy).

Some features to consider here include:

Tracking prevention. This is discussed in the next section.

Clear browsing data. Here, you can clear your browsing history—optionally including your download history, cookies and other site data, cached images and files, passwords, autofill form data, site permissions, and more—or configure the browser to always clear some or all of this data each time you close it.

Privacy. It’s curious that there are only two features here. Do Not Track is configured by default but ignored by virtually the entire web, so this feature is inconsequential. And by default, Microsoft Edge lets websites see whether you have a payment method saved in the browser; you can safely turn that off.

Diagnostic data. Like Windows 11, Microsoft Edge tracks your actions and you cannot completely disable this behavior. You can, however, disable so-called optional diagnostic data tracking under “Optional diagnostic data.”

Search and service improvement. Set this option to “Off.” You should not help Microsoft by sending it the results of your web searches.

Personalization & advertising. Set this option to “Off.”

Security. For the most part, the default settings in this section are fine. But two features—secure DNS and enhanced web security—warrant further discussion so we discuss them both later in this chapter.

Limit online tracking

You should prevent online trackers from collecting your personal information and selling it to advertisers and malicious actors. To this end, Microsoft Edge includes a feature called tracking prevention that provides a limited level of protection against this behavior.

But it’s not enough, so you can ignore this feature. Instead, you should use another web browser or, at the very least, bolster the protections in Edge with one or more tracker blockers extensions. We discuss this topic in Set Up Microsoft Edge Correctly. This will provide you with the level of protection you need and that Edge does not supply.

This issue, in case it’s not obvious, that tracking protection does not work very well and it doesn’t block Microsoft’s trackers.

Enhance your security while browsing the web

Microsoft Edge includes an optional feature called enhanced security that helps protect you against memory-related vulnerabilities by disabling just-in-time (JIT) JavaScript compilation and enabling hardware-backed operating system protections. Enhanced security automatically applies strict security rules when you visit unfamiliar sites but it evolves over time as it learns your browsing habits.

Enhanced security is disabled by default and can be found in Edge settings by navigating to Privacy, search, and services > Security > Enhance your security on the web. When you enable this feature, you can choose between three levels of enhanced security.

They are:

Basic. This is the recommended setting, where Microsoft Edge applies added security protections to unfamiliar websites, but websites will work as expected.

Balanced. With this setting, Microsoft Edge applies added security protections to unfamiliar sites and sites that you don’t visit frequently. Most websites will work as expected.

Strict. With this setting, Microsoft Edge applies enhanced security protections to all websites. Some parts of websites might not work as expected if you use this setting.

You can also select “Manage enhanced security for sites” to configure websites that will always or never be impacted by this feature regardless of usage.

Enable secure domain name resolution

As you may know, the Internet uses a distributed service called Domain Name System (DNS) to translate—or resolve—URLs (like www.apple.com) into their literal Internet addresses (like 192.168.4.1). Windows 11 uses your Internet provider’s DNS servers by default and Microsoft Edge connects to these servers using the HTTP protocol by default. But because non-secure DNS traffic can be intercepted by malicious actors, it’s possible that others could modify that traffic and send you to a malicious website.

To prevent that from happening, Microsoft Edge includes an optional feature called secure DNS that routes DNS traffic using the more secure HTTPS protocol. Secure DNS can be found in Edge settings by navigating to Privacy, search, and services > Security > Use secure DNS to specify how to look up the network address for websites.

If your Internet provider doesn’t supply secure DNS services, you can configure alternative DNS servers instead: just select “Choose a service provider,” and a list of choices will appear.

Manage and monitor your passwords

Most people who use Microsoft Edge configure the browser to automatically sync key user data through their Microsoft account. By default, this includes favorites (bookmarks), settings, personal information (addresses, licenses, and so on), passwords, browser history, open tabs, extensions, collections, apps, and payment information.

To see which data you are syncing, open Microsoft Edge settings and navigate to Profiles > Sync.

Or just use the Address bar to navigate to edge://settings/profiles/sync

But when it comes to passwords, Microsoft Edge doesn’t just sync them between your PCs: it also acts as a full-featured password manager that can auto-fill your username and password information on the web, generate complex passwords, suggest that you replace weak passwords with stronger passwords, and alert you when your passwords are compromised by scammers or hackers.

And this functionality isn’t just for PCs: because Microsoft Edge is available on Mac, Linux, and on phones and other mobile devices, your passwords are available on all of the devices you use. You can even use Microsoft Edge for password auto-fill in apps outside of the browser on mobile platforms like Android, iPhone, and iPad.

Configure features related to passwords

To get started with password management in Microsoft Edge, open Edge settings and navigate to Profiles > Passwords (edge://settings/passwords).

Here, you can manage several options related to passwords, as well as your saved passwords. You should examine each of the settings here, but our advice is simple enough: Each option here should be set to “On” for the best experience. (And be sure to click “More settings” to ensure you’re seeing all of the password-related settings.)

Change a password that’s been flagged by the Password Monitor

Sometimes, a password for one or more of the websites for which you’ve created accounts will be exposed by a data breach or other hack. When that happens, Microsoft Edge will prompt you that your passwords have leaked online and recommend that you change them to stay secure.

You can also visit Edge settings > Profiles > Passwords to see whether any of your online accounts have been compromised. If Edge knows of any compromised accounts, it will display a red banner noting one or more leaked passwords.

Select the red banner to navigate to the Microsoft Edge Password Monitor (edge://settings/passwords/Passwordmonitor). Here, you can view the website(s) with leaked passwords and then change your password(s) one by one.

To manually check for leaked passwords, select “No new leaked passwords found” and then select the “Scan now” button next to “Leaked Passwords”

Manage saved passwords

Under the various options in Passwords settings, you will find a list of all of the passwords saved in Microsoft Edge. Each item displays the website name, user name, password (hidden by default), and relative strength of each password (under “Health”).

In addition to viewing a password with the appropriate “View password” button—which requires Windows Hello authentication—you can Change passwords, copy passwords, edit passwords, delete passwords, and choose to ignore the health of passwords using the relevant “More actions” button(“…”).

There are also options here for importing passwords (if you’re coming from another browser) and exporting passwords (if you’re leaving Edge to use another browser): these are available via the “More options” button (“…”) next to the search box at the top of the saved passwords list.