HotCakeX · HotCakeX · Jan 24, 2025 · Jan 23, 2025
@@ -20,7 +20,7 @@ public enum ComplianceCategories
 	WindowsNetworking, // 17
 	MiscellaneousConfigurations, // 20
 	WindowsUpdateConfigurations, // 15
-	EdgeBrowserConfigurations, // 14
+	EdgeBrowserConfigurations, // 18
 	NonAdminCommands // 9
 }
 

@@ -103,7 +103,7 @@ public static void Initialize(string VerbosePreference = "SilentlyContinue", boo
 		GlobalVars.MDAVConfigCurrent = ConfigDefenderHelper.GetMpComputerStatus();
 
 		// Total number of Compliant values
-		GlobalVars.TotalNumberOfTrueCompliantValues = 257;
+		GlobalVars.TotalNumberOfTrueCompliantValues = 261;
 
 		// Getting the $VerbosePreference from the calling cmdlet and saving it in the global variable
 		GlobalVars.VerbosePreference = VerbosePreference;

@@ -154,6 +154,10 @@ RegistryKeys,EdgeBrowserConfigurations,HKEY_LOCAL_MACHINE,SOFTWARE\Policies\Micr
 RegistryKeys,EdgeBrowserConfigurations,HKEY_LOCAL_MACHINE,SOFTWARE\Policies\Microsoft\Edge\TLSCipherSuiteDenyList,4,Disable TLS_RSA_WITH_AES_128_CBC_SHA - (NO PFS - CBC - SHA1),String,0x002f,false,true,https://learn.microsoft.com/en-us/deployedge/configure-edge-with-mdm
 RegistryKeys,EdgeBrowserConfigurations,HKEY_LOCAL_MACHINE,SOFTWARE\Policies\Microsoft\Edge\TLSCipherSuiteDenyList,5,Disable TLS_RSA_WITH_AES_128_GCM_SHA256 - (NO PFS),String,0x009c,false,true,https://learn.microsoft.com/en-us/deployedge/configure-edge-with-mdm
 RegistryKeys,EdgeBrowserConfigurations,HKEY_LOCAL_MACHINE,SOFTWARE\Policies\Microsoft\Edge\TLSCipherSuiteDenyList,6,Disable TLS_RSA_WITH_AES_256_GCM_SHA384 - (NO PFS),String,0x009d,false,true,https://learn.microsoft.com/en-us/deployedge/configure-edge-with-mdm
+RegistryKeys,EdgeBrowserConfigurations,HKEY_LOCAL_MACHINE,SOFTWARE\Policies\Microsoft\Edge,ExtensionManifestV2Availability,Never disable Manifest V2 extension support,DWORD,2,false,true,https://learn.microsoft.com/en-us/DeployEdge/microsoft-edge-policies#extensionmanifestv2availability
+RegistryKeys,EdgeBrowserConfigurations,HKEY_LOCAL_MACHINE,SOFTWARE\Policies\Microsoft\Edge,DefaultWebUsbGuardSetting,Never let websites ask to access local USB connected devices,DWORD,2,false,true,https://learn.microsoft.com/en-us/DeployEdge/microsoft-edge-policies#defaultwebusbguardsetting
+RegistryKeys,EdgeBrowserConfigurations,HKEY_LOCAL_MACHINE,SOFTWARE\Policies\Microsoft\Edge,DefaultWindowManagementSetting,Denies the Window Management permission on all sites by default,DWORD,2,false,true,https://learn.microsoft.com/en-us/DeployEdge/microsoft-edge-policies#defaultwindowmanagementsetting
+RegistryKeys,EdgeBrowserConfigurations,HKEY_LOCAL_MACHINE,SOFTWARE\Policies\Microsoft\Edge,DynamicCodeSettings,Prevent the browser process from creating dynamic code,DWORD,1,false,true,https://learn.microsoft.com/en-us/DeployEdge/microsoft-edge-policies#dynamiccodesettings
 RegistryKeys,NonAdminCommands,HKEY_CURRENT_USER,Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced,HideFileExt,Show File extensions,DWORD,0,false,true,
 RegistryKeys,NonAdminCommands,HKEY_CURRENT_USER,Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced,Hidden,Show hidden files,DWORD,1,false,true,
 RegistryKeys,NonAdminCommands,HKEY_CURRENT_USER,Control Panel\International\User Profile,HttpAcceptLanguageOptOut,Disable websites accessing local language list,DWORD,1,false,true,

@@ -31,7 +31,7 @@ Edge,HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Edge,DnsOverHttpsMode,automa
 Edge,HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Edge,AutomaticHttpsDefault,2,DWORD,AddOrModify,Automatically upgrade HTTP connections to HTTPS
 Edge,HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Edge,EncryptedClientHelloEnabled,1,DWORD,AddOrModify,Enable Encrypted Client Hello
 Edge,HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Edge,BasicAuthOverHttpEnabled,0,DWORD,AddOrModify,Block Basic authentication for HTTP
-Edge,HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Edge,ExperimentationAndConfigurationServiceControl,2,DWORD,AddOrModify,Allow devices using Edge category of the hardening script to receive new features and experimentations like normal devices
+Edge,HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Edge,ExperimentationAndConfigurationServiceControl,2,DWORD,AddOrModify,Allow devices using the Edge category protection to receive new features and experimentations like normal devices
 Edge,HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Edge,AudioSandboxEnabled,1,DWORD,AddOrModify,Enforces the audio process to run sandboxed
 Edge,HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Edge\Recommended,DefaultShareAdditionalOSRegionSetting,2,DWORD,AddOrModify,Recommends that the share additional operating system region setting to be set to never.
 Edge,HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Edge\TLSCipherSuiteDenyList,1,0xc013,String,AddOrModify,Disable TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA - (CBC - SHA1)
@@ -40,6 +40,10 @@ Edge,HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Edge\TLSCipherSuiteDenyList,
 Edge,HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Edge\TLSCipherSuiteDenyList,4,0x002f,String,AddOrModify,Disable TLS_RSA_WITH_AES_128_CBC_SHA - (NO PFS - CBC - SHA1)
 Edge,HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Edge\TLSCipherSuiteDenyList,5,0x009c,String,AddOrModify,Disable TLS_RSA_WITH_AES_128_GCM_SHA256 - (NO PFS)
 Edge,HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Edge\TLSCipherSuiteDenyList,6,0x009d,String,AddOrModify,Disable TLS_RSA_WITH_AES_256_GCM_SHA384 - (NO PFS)
+Edge,HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Edge,ExtensionManifestV2Availability,2,DWORD,AddOrModify,Never disable Manifest V2 extension support
+Edge,HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Edge,DefaultWebUsbGuardSetting,2,DWORD,AddOrModify,Never let websites ask to access local USB connected devices
+Edge,HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Edge,DefaultWindowManagementSetting,2,DWORD,AddOrModify,Denies the Window Management permission on all sites by default
+Edge,HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Edge,DynamicCodeSettings,1,DWORD,AddOrModify,Prevent the browser process from creating dynamic code
 NonAdmin,HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced,HideFileExt,0,DWORD,AddOrModify,Show known file extensions in File explorer
 NonAdmin,HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced,Hidden,1,DWORD,AddOrModify,Show hidden files and folders and drives toggles the control panel folder options item
 NonAdmin,HKEY_CURRENT_USER\Control Panel\International\User Profile,HttpAcceptLanguageOptOut,1,DWORD,AddOrModify,Disable websites accessing local language list