How to improve security in the Microsoft Edge browser

If you use Microsoft Edge daily for work, study, or simply browsing your favorite websites, you'll be interested to know how to make the most of all your security optionsEdge has gone from being the "filler browser" for Windows to a very serious alternative to Chrome and Firefox, especially when it comes to threat protection and privacy.

Although there are browsers very focused on privacy like Firefox or Brave, Edge has a lot of special settings and features that, when properly configured, allow browse with much more peace of mind without sacrificing comfortThe trick is to know each option, understand what it means for your security and usability, and find the right balance between being protected and not going crazy with blocks and alerts.

What is Microsoft Edge's enhanced security?

Microsoft has incorporated a system into Edge called Enhanced web securitydesigned to reduce the risk of attacks that exploit browser memory vulnerabilities, one of cybercriminals' favorite vectors when we visit compromised or unreliable pages.

To achieve this, Edge disables the Just-In-Time (JIT) JavaScript compilation In certain contexts, it activates additional operating system protections, such as hardware-enhanced stack protection and arbitrary code protection (ACG). These technologies make it extremely difficult for a malicious site to gain access. inject and execute code into browser memoryeven when there is no official patch yet for the exploited vulnerability.

The beauty of the system is that Edge doesn't always apply the same level of security: it adapts to your browsing habits. Thus, it can be stricter with new or unusual sites and be somewhat more permissive with pages you visit often and that have a good track record, minimizing compatibility issues while maintaining a good defense.

In some installations, this feature may come enabled by default while Microsoft tests and adjusts itIf at any time you want to review or turn it off, everything is managed from the settings menu, in the browser's security section.

Enhanced security modes: Off, Balanced, and Strict

The enhanced security feature can be customized through three main levels that define how aggressive the protections Edge applies when loading websites will be.

First, there's the option of having it DisabledIn that case, the browser doesn't add these extra layers of protection and behaves like a more standard browser, using its basic defenses but without the advanced mitigations against memory vulnerabilities or JIT disabling. It's the least secure mode, although also the least likely to break anything.

The next step is mode Balanced (recommended)Here, Edge applies additional defenses primarily to sites you don't visit frequently or that it considers unknown. Pages you use daily are usually exempt from these more aggressive measures, which helps ensure that, on a daily basis, Everything will function normally while you remain better protected in unfamiliar territory..

Finally, there is the mode StrictIn this profile, the browser decides that security comes first and applies Enhanced safeguards at all default locationseven on sites you visit frequently. This significantly improves protection, but may cause performance issues on certain websites, which might not load videos, advanced scripts, or some interactive features correctly.

In general, balanced mode is the best combination of security and usability for most usersStrict mode makes sense if you are particularly sensitive to risk (for example, in highly regulated corporate environments or if you handle sensitive data) and are willing to invest some time in fine-tuning exceptions.

How to tell if enhanced security is active on a site

When enhanced security is working on a particular page, Edge will let you know. You'll see text or an icon. “Added security” to the left of the address barThis means that, for that domain, the browser has activated additional protections and is limiting certain features such as JavaScript JIT.

From that same indicator, you can manage the settings for that site. Clicking on “Added security” displays site information and provides access to a control called “Improve the security of this site”From there you can decide whether you want to keep the enhanced security for that specific website or disable it.

If you choose Disable enhanced security on a specific pageEdge automatically adds that domain to an exception list. This means that, unless you change anything in the general settings, the browser will remember not to apply aggressive mitigations to that website, preventing you from encountering errors or broken functions every time you visit it.

This site-by-site approach allows you to browse normally but also has a safety "handbrake" handy when you land on unknown or suspicious-looking websites. not having to give up on having your trusted pages work as usual.

How to select the enhanced security level in Edge

To change the enhanced security level we mentioned earlier, you only need a moment in your browser settings. You don't need to be an expert to do it. Adjust Edge to your liking in this respect.

The steps are simple: first, open Microsoft Edge and click on the menu Settings and more, represented by the three dots in the upper right corner. Then select Configuration and, within the side panel, enter the section Privacy, search and services.

Within that section, scroll down until you find the block called SecurityThere you'll see the "Improve web security" switch. Make sure it's in the ON position. EnabledIf it isn't, activate it to start benefiting from these additional defenses.

Once the feature is turned on, Edge will allow you to choose the your preferred exploration modeOff, balanced, or strict. Select the one that best suits your browsing style. You can always return to this screen if you notice too many problems on specific websites and want to switch to a less restrictive profile or add exceptions.

Create and manage enhanced security exceptions

In practice, not all pages need or tolerate the same level of control. That's why Edge lets you create a list of sites where enhanced security will always be enabled and another in which, on the contrary, it will not be used even if the general mode is strict or balanced.

To add an exception, return to Settings > Privacy, search, and services > Security and double-check that “Improve web security” is turned on. Then go to the option Site preferences for added security, where you will see two separate sections for managing behavior by domain.

In the list “Never use enhanced security for these sitesYou can add websites where you'd prefer Edge not to apply advanced mitigations, usually for compatibility or performance reasons. Just click on Add siteEnter the full URL and confirm with “Add”.

On the opposite side is “Always use enhanced security for these sites"Here you add pages you want to protect, even if they are theoretically trustworthy. Again, you add each domain using the 'add' button and its full address, and Edge will enforce enhanced security on every visit."

If you change your mind or made a mistake typing the address, you can manage these lists by going back to “Site Preferences to Improve Security”. Next to each entry, a menu appears. More Actions from which you can Edit the URL (and save the changes) or Remove the site of the list so that it is governed again by the general settings.

The “Super Duper” safe mode and advanced mitigations

Within this enhanced protection approach, Edge has an experimental feature that has been internally called Super Duper safe mode, a name that will probably change, but whose objective is the same: to drastically reduce the browser's attack surface.

Microsoft's security team detected that the V8 JavaScript engineThis feature, also used in other Chromium-based browsers, was responsible for a very high number of security flaws. Specifically, the feature of JIT compilation, which speeds up the execution of JavaScript, opened the door to different types of exploits that are difficult to mitigate completely.

The idea behind this safe mode is to disable JIT compilation except when strictly necessary, and combine it with measures such as Control-flow Enforcement Technology (CET)Intel's hardware protection is designed to block attempts to manipulate the flow of code execution. By reducing the area where an attacker can exploit vulnerabilities, Approximately half of the exploited errors are eliminated and the rest becomes much harder to take advantage of.

Interestingly, according to Microsoft, disabling Just-in-Time (JIT) doesn't always have a noticeable impact on performance for the average user. On many common websites, the difference is barely perceptible, while the security improvement is considerable, especially against attacks that exploit unpatched vulnerabilities.

Activating this mode follows a similar process to enabling enhanced security in general. You have to open Edge, go to the menu... Configuration, go to “Privacy, search and services” and scroll down to the section on SecurityThere, an option related to Enable security mitigations for a safer browsing experienceBy activating this switch, you can choose between a balanced mode, which focuses mainly on less frequent pages, and a stricter mode that applies to all sites.

Comparison with other browsers and threat context

Edge's enhanced security features do not exist in isolation, but rather as a response to an environment where Web-based threats are clearly on the riseIndependent organizations such as CyberRatings.org, which evaluate security products, have noted that ransomware and attacks that begin with phishing emails or social engineering have skyrocketed in recent years.

In this scenario, the browser has become a key piece of the defense chainIt's the gateway through which suspicious links, fake forms, or infected downloads reach you, and what the software does at that moment can make the difference between a scare and a disaster.

Currently, direct rivals such as Chrome or Firefox do not offer an exact equivalent. to Edge's enhanced security, although they allow manually disabling features like JIT or introducing some additional mitigations through advanced settings or experimental flags.

Safari, for its part, has announced a specific feature for users at high risk of targeted attacks that also opts for Disable JIT and other complex web technologiesexcept on sites that the user themselves marks as trusted. It's a very similar philosophy: sacrificing some performance or compatibility to gain security against highly sophisticated threats.

In the specific case of Edge, all these layers are supported by other pillars such as the use of the Blink rendering engine and Microsoft Defender SmartScreen, which blocks websites flagged as malicious, suspicious downloads, and phishing attempts. The result is a modern browser that tries to stay one step ahead of attackers, without forcing you to switch applications to get advanced protection.

How to interpret the security icon in the address bar

Each time you visit a website with Edge, the browser displays an icon next to the address bar that indicates the security status of the connectionUnderstanding what each status means helps you decide whether it's a good idea to enter your password or card details there, or if it's better to run for the hills.

When you see that the connection appears as secure and with a valid certificateThis means the site has a certificate issued by a trusted authority and that the data between your browser and the server is encrypted. In theory, no one should be able to intercept it easily. Even so, it's always a good idea to double-check the URL to make sure it's really the website you wanted to visit and not a malicious copy with a slightly changed name. Also, if you need to manage certificates, you can Add and export digital certificates in Microsoft Edge.

If Edge indicates that the site is “not fully secure” or does not have a valid certificateThe connection is not well secured, and the information you send can be intercepted by third parties. This poses a direct risk to your personal data, so it's best to avoid logging in, entering passwords, or providing sensitive information on these pages.

In some cases, the browser may warn you outdated security configuration, such as expired, invalid, or self-signed certificates that lack trust in the system. This indicates that something is seriously wrong with the site's security, and Edge will usually advise against proceeding or entering any personal information.

The worst-case scenario is when the website is flagged as “suspicious or dangerous” by Microsoft Defender SmartScreenAt that point, your browser warns you that the site might be trying to trick you into installing malware, stealing credentials, or stealing financial data. It makes sense not to ignore these alerts: the recommendation is to close the tab and not continue, because your privacy and your computer are at serious risk.

Privacy in Edge: tracking, cookies, and data deletion

In addition to protections against exploits and malicious websites, Edge includes a wide range of options for control the way websites track you and store your dataThis is where tracking prevention, cookie management, and automatic deletion of browsing information come into play.

Within the settings, under “Privacy, search and services”, you will see the section for Follow-up preventionWhen you activate it, you can choose between three levels: basic, balanced, and strict. Each level determines how many trackers are blocked and to what extent websites are allowed to track you from site to site.

The basic level blocks only clearly dangerous trackers, prioritizing compatibility. The balanced level, which is usually the recommended option, It blocks trackers from sites you don't usually visit, and some additional ones.This significantly reduces tracking without breaking too many pages. Strict mode blocks most trackers, including many cookies used to personalize ads, which is better for privacy but can cause crashes on websites that rely heavily on these technologies.

If a page you're interested in fails in strict mode, you can use the section on Exceptions within the tracking prevention itself to authorize trackers in that specific domain. It's a way to maintain a generally strict policy, but a more relaxed one for your trusted destinations.

In the same privacy section you will find the option “Choose what should be deleted each time you close your browserFrom here, it's possible to specify that, upon exiting Edge, data such as [data type] should be automatically deleted. delete history in Microsoft Edge and downloads, cookies, cached images, passwords, form data, or granted permissions. This prevents someone else using the computer from seeing what you've done or from compromising older information in the event of an attack.

However, deleting cookies and cache has its cost: You'll have to log in more often and websites may load a bit slower The first time after deletion, because they have to download resources again that were previously stored locally. The key, again, is finding the balance between convenience and privacy that works best for you.

Advanced management of site cookies and permissions

If you want to fine-tune what websites can store or do on your computer, Edge offers advanced controls in the section of Site Permissions within the settings. From there you can adjust how cookies, access to the camera, microphone, location, and other sensitive resources are handled.

In “Cookies and site data” it is possible block all third-party cookiesThis is one of the most effective steps to reduce cross-page tracking. You can also delete all stored cookies, create a blocked website list so they can't save anything, or conversely, a list of trusted sites where cookies are allowed even if the general policy is restrictive.

Within “Site Permissions” appear elements such as Location, camera, microphone, notifications, and other resourcesFrom each one you can choose whether you want to allow websites to request access, block them from even trying, or create whitelists and blacklists of domains that can or cannot use those permissions without asking.

This screen also includes the option to manage the treatment of misleading or intrusive advertisementsas well as blocking certain types of content such as Flash (increasingly less relevant), JavaScript in general, or specific controllers. If you're looking for the cleanest and most controlled environment possible, this is a goldmine of settings.

Another traditional function of browsers is the option “Do Not Track” or Do Not Track (DNT)This simply sends a request to websites to stop tracking you. The problem is that most major advertising platforms and services like Google, Facebook, and Twitter ignore this signal, so in practical terms, it's of little use. In fact, activating it can actually add to your digital footprint, making it easier to identify you through fingerprinting.

Fingerprinting and extensions: when they help and when they worsen your privacy

Browser fingerprinting is an advanced tracking method that relies on collecting hundreds of technical parameters of your device and your browser to build a virtually unique fingerprint, difficult to erase even if you change your IP address or delete cookies.

The data involved includes the operating system, hardware, language, installed fonts, time zone, cookie preferences, whether Do Not Track is enabled, the list of extensions, and many other variables. All of this, combined, It allows you to identify yourself with considerable accuracy. even if you don't log in anywhere.

This means that, paradoxically, the more unusual extensions you install and the more exotic modifications you make to the browserThe more you use a specific extension, the more likely your configuration will be unique and therefore easier to track. This doesn't mean you shouldn't use extensions, but it does mean you should avoid accumulating them unnecessarily or having several with very similar functions.

The logical recommendation is to keep only the extensions that actually add something and occasionally check the list in the browser's "Extensions" menu. From there you can disable them with a simple switch or Remove a Microsoft Edge add-on if you no longer need them, reducing both the privacy risk and the possibility that any of them might be malicious.

At the same time, there are specific extensions that do help to better protect your privacy: ad blockers and trackers like uBlock OriginTools like Decentraleyes to block tracking via third-party content delivery networks, or plugins like Cookie AutoDelete that automatically delete cookies when you close tabs if you don't use Edge's native option.

Solutions like these are also popular DuckDuckGo Privacy Essentials, Privacy Badger, uMatrix or NoScript, aimed at controlling scripts, blocking spy trackers or strengthening the security of connections. Install add-ons and extensions in Microsoft Edge It gives you room to further adjust your level of protection, always keeping in mind the impact on fingerprinting and performance.

Telemetry, synchronization, and use of your Microsoft account

Another key aspect of privacy in Edge is its relationship with the data you send to MicrosoftThe browser collects certain technical and usage telemetry to improve stability, detect errors, and personalize services and advertising. If you're not comfortable with this data sharing, you can limit it in the settings or even... Reset Edge settings to reduce what is sent.

In “Privacy, search and services” you will see a section called something similar to “Help improve Microsoft Edge”From there you can disable the sending of browser usage data, information about the sites you visit, or statistics used to enhance security. The more you lower these settings, the less information reaches the company's servers.

Below there is usually a section related to “Personalize your web experience”where you can disable the use of your browsing data to personalize ads and content. This doesn't eliminate all ads, but it does reduce personalization based on your behavior, which somewhat improves your privacy.

In addition, Edge lets you sync favorites, passwords, settings, addresses, and forms, and even, in the latest versions, items like history, open tabs, collections, and extensions, all linked to your microsoft accountThis is very convenient for having everything the same across multiple devices, but it also means that some of your information is stored in the cloud; if you prefer to keep local copies, learn how to backup and restore browsers.

If you prefer to reduce that exposure, you can go to your profile at the top of the browser and go to “Manage profile settings”. There you will find the “Sync” section, from where you can completely turn off synchronization or uncheck specific items that you don't want to upload to the account.

The most radical option, if you don't trust them at all, is Sign out of EdgeYou'll still be able to use the browser, but without synchronization with other devices or cloud backups. However, if you reinstall the browser or switch computers, you may lose bookmarks, passwords, and other data that was only stored locally.

If you don't want to have the session permanently closed, you always have the alternative of using the browsing as a guestThis creates a temporary session where browsing data is not saved or associated with your main profile, very useful when you share a computer or just want an isolated session.

Protection against unwanted downloads, dangerous apps, and encrypted DNS

In addition to all of the above, Edge integrates security layers designed to prevent problems from arising when they attempt to infiltrate through unencrypted downloads or connections. This is concentrated in the lower part of the block.Services"within "Privacy, search and services".

There you can activate or check the status of Microsoft Defender Smart ScreenThe filter analyzes the pages you visit and the downloads you make to block those classified as dangerous or potentially malicious. It's an important tool for avoiding accidentally installing suspicious software or falling for scam websites.

You will also see the option to “Block potentially unwanted applications”This feature attempts to prevent the download and installation of programs with a bad reputation, such as adware or tools that, while not strictly malware, behave suspiciously. It's useful, but sometimes it can block software you actually want; if that happens, learn how. Prevent Microsoft Defender from blocking safe files.

On the connection side, Edge allows you to enable the protocol DNS over HTTPS (DoH)This ensures that domain name resolution requests (translating a URL into an IP address) travel encrypted using HTTPS instead of plain text. This makes it more difficult for anyone on the network to spy on which pages you are accessing or manipulate that traffic.

In versions where it doesn't appear directly in the standard settings, you can activate it by going into the experimental options or "flags" by typing edge://flags/#dns-over-https In the address bar, look for the entry “Secure DNS lookups” and set it to “Enabled” instead of “Default”. From then on, Edge will resolve domains more securely, provided your DNS provider supports it.

If you need even more control over the connection, a a trusted VPN or a well-configured system-level proxy They add another layer of privacy and security, although in this case the management is usually done from the Windows network settings or other external programs, not directly from Edge.

Taken together, all these features make Microsoft Edge a much more robust browser than many initially realize. By adjusting a few parameters, you can achieve a very reasonable experience where Dangerous websites, trackers, and suspicious downloads have a much harder time. to turn your session into a headache.

The key is to take some time to familiarize yourself with all these options, choose an enhanced security level that suits your needs, occasionally review the exceptions, and pay attention to browser alerts. With this minimal maintenance, Edge goes from being simply "the Windows browser" to becoming a fairly robust tool for protecting your privacy and your computer while you browse.