Exposure to malicious websites and downloads is the main way computers get infected with malware, so a better browser is one way to tighten security.
Microsoft Edge for Windows 10 brings numerous improvements over Internet Explorer. It strips out much of Explorer’s legacy code for a more secure base, and it is bolstered by several new defense technologies in Windows 10.
Staff and students alike can be vulnerable to credential theft and malware infections, so it’s wise to give them as much protection as possible. Here are three ways Edge can keep devices and data safe.
1. Target Vulnerabilities to Limit Threat Exposure
Edge does away with proprietary ActiveX controls, which were easily exploited in Internet Explorer because of their deep integration with the OS. Any web apps that rely on ActiveX will need to be rewritten to work in Edge. (Most commercial websites don’t rely on ActiveX.)
Edge blocks Adobe Flash Player by default, because hackers often target it. As an alternative, many sites have already moved to HTML5. When Flash is required, Edge will prompt users for permission to run it. Microsoft maintains a list of trusted Flash-based websites that work without users needing to give permission. Institutions can also block Flash entirely using Group Policy.
2. Minimize Exposure With Windows Defender
For colleges requiring a higher level of security, Windows Defender Application Guard runs Edge in a container that isolates user sessions from the OS and other applications. When WDAG is enabled, any malware that runs in the browser session can’t break out, which protects the integrity of Windows and user data.
Closing a WDAG session also deletes any malicious code to which the user was exposed.
IT can configure WDAG to open sites that are not trusted and have all other sites run in Edge without protection. Like most security technologies, WDAG has some disadvantages: Users can’t access their favorites in a WDAG session. But staff can enable data persistence so that users’ favorites and cookies are maintained across WDAG sessions.
3. Protect Networks with Improved Authentication Management
Microsoft discourages passwords because they are so easily compromised. Windows Hello lets users log in to Windows with a gesture, such as a PIN code or biometric authentication.
Edge now supports Windows Hello, so users can sign in to websites this way. Microsoft’s login site also supports Windows Hello, so users can access their Microsoft account using a PIN, gesture or security key.
Microsoft has been working with the FIDO Alliance to create Web Authentication, a standard also supported by Google, that supports logging in to sites using Windows Hello or portable FIDO2 security keys. Few commercial sites support FIDO currently, but institutions can FIDO-enable their own sites.