Microsoft Edge 109 + Security Baseline: Text Prediction, Microsoft Account And Azure AD Account Linking
If you are using Microsoft Edge, you will automatically get the updated version with Windows Update. Alternatively, you can go to Menu > Help & Feedback > About Microsoft Edge to check for updates manually.

Microsoft has now released Edge 109.0.1518.52. It brings new security updates, policies for better manageability, and new features. Since this is an odd-number release, the Security Baseline will be the same as Edge version 107.
Microsoft Edge 109 addresses a total of 14 security vulnerabilities. Out of the 14, 2 are Edge-specific, while 12 are for Chromium-based web browsers. These are discussed in detail down below.
Also, as a reminder, Microsoft Edge version 109 will be the last supported Edge version on Windows 7, 8, and 8.1, as announced earlier. From Edge 110 and onwards, Edge will no longer be supported on the aforementioned operating systems.
This makes it all the more important to upgrade to Edge version 109 as soon as possible using the guide below.
Microsoft has also made minor changes to the Security Baseline for Edge v107 and released it. To increase your security, you may also download Microsoft Edge Security Baseline for version 109 from below.
Edge 109 Release Summary
- Complete Release Build: 109.0.1518.52
- Release Date: Thursday, January 12th, 2023
- Compatibility: Windows 11, 10, 8, 8.1, 7 (32-bit and 64-bit), Mac, Linux, iOS, and Android.
- Previous Build: Edge 108
- Bug Fixes: 14. More information about security fixes can be found here.
New in Microsoft Edge 109
In Edge 109, 14 security vulnerabilities have been addressed. Moreover, it also includes 8 new policies, 3 new features, and 2 policies that have become obsolete.
New Features
- Account Linking between a personal Microsoft account (MSA) and Azure Active Directory (AAD) account.
Users can now link their personal Microsoft account (MSA) to their Azure Active Directory (AAD) account through their place of employment or educational institution.
Once connected, users who are logged in with their work or school account can earn Microsoft Rewards points for using Microsoft Bing or Windows search box.
Tenant admins can also manage this functionality by utilizing the “LinkedAccountEnabled” policy or the Message Center component of the Microsoft 365 Admin Center.
- Changes to TLS server certificate verification.
The certificate trust list and the certificate verifier will be separated from the root store of the host operating system in Microsoft Edge version 110. Instead, the browser will offer and ship with the default certificate trust list and the certificate validator.
To manage when the integrated root store and certificate verifier are utilized, the “MicrosoftRootStoreEnabled” policy is now available for testing.
The policy will no longer be supported in Microsoft Edge version 111.
- Text prediction.
Microsoft Edge now offers word and sentence predictions on websites to assist you in writing quickly and accurately. Using the “TextPredictionEnabled” policy, administrators can limit the use of text predictions.
This is currently only available in the US, India, and Australia in the English language only.
New Policies
The following list of policies has been introduced with Edge 109:
- WebHidAllowAllDevicesForUrls
Description: This setting allows you to list sites that are automatically granted permission to access all available devices.
The URLs must be valid or the policy is ignored. Only the origin (scheme, host, and port) of the URL is evaluated.
This policy overrides DefaultWebHidGuardSetting, WebHidAskForUrls, WebHidBlockedForUrls, and the user’s preferences.
Location:
Administrative Templates/Microsoft Edge/Content settings
- WebHidAllowDevicesForUrls
Description: This setting lets you list the URLs that specify which sites are automatically granted permission to access an HID device with the given vendor and product IDs.
Each item in the list requires both devices and URL fields for the item to be valid. Otherwise, the item is ignored.
- Each item in the devices field must have a vendor_id and may have a product_id field.
- Omitting the product_id field will create a policy matching any device with the specified vendor ID.
- An item that has a product_id field without a vendor_id field is invalid and is ignored.
If you don’t set this policy, that means DefaultWebHidGuardSetting applies, if it’s set. If not, the user’s personal setting applies.
URLs in this policy shouldn’t conflict with those configured through WebHidBlockedForUrls. If they do, this policy takes precedence over WebHidBlockedForUrls.
Location:
Administrative Templates/Microsoft Edge/Content settings
- WebHidAllowDevicesWithHidUsagesForUrls
Description: This setting allows you to list the URLs that specify which sites are automatically granted permission to access an HID device containing a top-level collection with the given HID usage.
Each item in the list requires both usages and URL fields for the policy to be valid.
- Each item in the usages field must have a usage_page and may have a usage field.
- Omitting the usage field will create a policy matching any device containing a top-level collection with usage from the specified usage page.
- An item that has a usage field without a usage_page field is invalid and is ignored.
If you don’t set this policy, that means DefaultWebHidGuardSetting applies, if it’s set. If not, the user’s personal setting applies.
URLs in this policy shouldn’t conflict with those configured through WebHidBlockedForUrls. If they do, this policy takes precedence over WebHidBlockedForUrls.
Location:
Administrative Templates/Microsoft Edge/Content settings
- MicrosoftRootStoreEnabled
Description: When this policy is set to enabled, Microsoft Edge will perform verification of server certificates using the built-in certificate verifier with the Microsoft Root Store as the source of public trust.
When this policy is set to disabled, Microsoft Edge will use the system certificate verifier and system root certificates. When this policy is not set, the Microsoft Root Store or system-provided roots may be used.
This policy will be removed in Microsoft Edge for Microsoft Windows and macOS when the planned removal of support for the platform-supplied certificate verifier and roots takes place.
Location:
Administrative Templates/Microsoft Edge/
- DefaultClipboardSetting
Description: This policy controls the default value for the clipboard site permission.
Setting the policy to “2” blocks sites from using the clipboard site permission.
Setting the policy to “3” or leaving it unset lets the user change the setting and decide if the clipboard APIs are available when a site wants to use an API.
This policy can be overridden for specific URL patterns using the ClipboardAllowedForUrls and ClipboardBlockedForUrls policies.
This policy only affects clipboard operations controlled by the clipboard site permission and doesn’t affect sanitized clipboard writes or trusted copy-and-paste operations.
Policy options mapping:
- BlockClipboard (2) = Do not allow any site to use the clipboard site permission
- AskClipboard (3) = Allow sites to ask the user to grant the clipboard site permission
Location:
Administrative Templates/Microsoft Edge/
- ClipboardAllowedForUrls
Description: Configure the list of URL patterns that specify which sites can use the clipboard site permission.
Setting the policy lets you create a list of URL patterns that specify which sites can use the clipboard site permission. This doesn’t include all clipboard operations on origins that match the patterns. For example, users will still be able to paste using keyboard shortcuts because this isn’t controlled by the clipboard site permission.
Leaving the policy unset means DefaultClipboardSetting applies for all sites if it’s set. If it isn’t set, the user’s personal setting applies.
Location:
Administrative Templates/Microsoft Edge/
- ClipboardBlockedForUrls
Description: Configure the list of URL patterns that specify which sites can't use the clipboard site permission.
Setting the policy lets you create a list of URL patterns that specify sites that can’t use the clipboard site permission. This doesn’t include all clipboard operations on origins that match the patterns. For example, users will still be able to paste using keyboard shortcuts because this isn’t controlled by the clipboard site permission.
Leaving the policy unset means DefaultClipboardSetting applies for all sites if it’s set. If it isn’t set, the user’s personal setting applies.
Location:
Administrative Templates/Microsoft Edge/
- SearchFiltersEnabled
Description: This policy lets you filter your autosuggestions by selecting a filter from the search filters ribbon. For example, if you select the “Favorites” filter, only favorites suggestions will be shown.
If you enable or don’t configure this policy, the autosuggestion dropdown defaults to displaying the ribbon of available filters.
If you disable this policy, the autosuggestion dropdown won’t display the ribbon of available filters.
Location:
Administrative Templates/Microsoft Edge/
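A linter for the item rules described above for WebHidAllowDevicesForUrls and WebHidAllowDevicesWithHidUsagesForUrls, added here as an example (it is not code from Microsoft or from the original article). It assumes the policy value is a JSON list whose items carry a lower-case `urls` key; `lint`, `SCHEMAS` and the sample data are made-up names and values.

```python
import json

# (list field, required key, optional key) for the two item-based WebHID policies.
SCHEMAS = {
    "WebHidAllowDevicesForUrls": ("devices", "vendor_id", "product_id"),
    "WebHidAllowDevicesWithHidUsagesForUrls": ("usages", "usage_page", "usage"),
}

def lint(policy, raw_json):
    """Return (grants, findings) for one policy value supplied as a JSON string."""
    field, required, optional = SCHEMAS[policy]
    grants, findings = [], []
    for i, item in enumerate(json.loads(raw_json)):
        # An item needs both the device/usage list and the URL list, else it is ignored.
        if not isinstance(item, dict) or not item.get(field) or not item.get("urls"):
            findings.append(f"item {i}: needs both '{field}' and 'urls'; item is ignored")
            continue
        for entry in item[field]:
            if not isinstance(entry, dict) or required not in entry:
                findings.append(f"item {i}: entry without '{required}' is invalid and ignored")
                continue
            if optional not in entry:
                # Wildcard grant: worth a reviewer's attention before deployment.
                findings.append(f"item {i}: {required}={entry[required]} omits "
                                f"'{optional}'; matches any device with that {required}")
            for url in item["urls"]:
                grants.append((url, entry[required], entry.get(optional)))
    return grants, findings

# Constructed sample value; the IDs and hosts are made up for illustration.
SAMPLE = json.dumps([
    {"devices": [{"vendor_id": 1234, "product_id": 5678}], "urls": ["https://hid.example.com"]},
    {"devices": [{"vendor_id": 1234}], "urls": ["https://tools.example.com"]},
    {"devices": [{"product_id": 5678}], "urls": ["https://bad.example.com"]},
    {"devices": [{"vendor_id": 4321}]},
])

if __name__ == "__main__":
    grants, findings = lint("WebHidAllowDevicesForUrls", SAMPLE)
    for g in grants:
        print("grant:", g)
    for f in findings:
        print("finding:", f)
```

Running it over a proposed policy value before rollout shows which items would be silently dropped and which grants cover a whole vendor ID or usage page.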
Obsolete Policies
2 policies have become obsolete with Edge 109:
Security Enhancements
The following 14 security vulnerabilities have been addressed in Edge 109:
- CVE-2023-21775 – Remote Code Execution Vulnerability
- CVE-2023-21796 – Elevation of Privilege Vulnerability
- CVE-2023-0129 – Heap buffer overflow in Network Service
- CVE-2023-0130 – Inappropriate implementation in Fullscreen API
- CVE-2023-0131 – Inappropriate implementation in iframe Sandbox
- CVE-2023-0132 – Inappropriate implementation in Permission prompts
- CVE-2023-0133 – Inappropriate implementation in Permission prompts
- CVE-2023-0134 – Use after free in Cart
- CVE-2023-0135 – Use after free in Cart
- CVE-2023-0136 – Inappropriate implementation in Fullscreen API
- CVE-2023-0138 – Heap buffer overflow in libphonenumber
- CVE-2023-0139 – Insufficient validation of untrusted input in Downloads
- CVE-2023-0140 – Inappropriate implementation in File System API
- CVE-2023-0141 – Insufficient policy enforcement in CORS
Update to Edge 109
If you already have Microsoft Edge on your PC, you can upgrade it to the latest build using the steps below. If not, use the links given in the next section to install it now.
Microsoft Edge comes preinstalled in Windows 11 and 10. Learn how to uninstall Microsoft Edge. If you wish to reinstall Edge, you can go here.
- Open About Microsoft Edge.
Click on the ellipses in the top-right corner of the browser, expand Help and feedback, and then click About Microsoft Edge.
- Edge will automatically download and install the latest version. Click Restart when it’s done.
Edge will now begin to scan for an update, and then download and install it if one is available. Once the download is completed, you will need to Restart the browser.
Once it relaunches, you can return to the About page and check that it has been updated to version 109.0.1518.52.

If you want to download Edge 109 for offline installation, you can visit the following page which lists several methods to download and upgrade your Microsoft Edge browser.
Download Microsoft Edge Browser.
Download Security Baseline for Microsoft Edge 109
Security baselines are Microsoft-recommended configuration settings that add an additional layer of security to your environment. Microsoft has made minor changes to the Microsoft Edge v107 Security Baseline, and it is still their recommended baseline for Edge 109, as noted in their announcement.
This Baseline now includes 7 new computer settings and 7 new user settings. The following table contains the details of the new security settings included in Edge v107 Security Baseline:
Security Setting For | Details | Location within Windows Registry |
---|---|---|
Machine | Allow clipboard use on specific sites | HKLM\Software\Policies\Microsoft\Edge\ClipboardAllowedForUrls |
Machine | Block clipboard use on specific sites | HKLM\Software\Policies\Microsoft\Edge\ClipboardBlockedForUrls |
Machine | Default clipboard site permission | HKLM\Software\Policies\Microsoft\Edge!DefaultClipboardSetting |
Machine | (Deprecated) Determines whether the Microsoft Root Store and built-in certificate verifier will be used to verify server certificates | HKLM\Software\Policies\Microsoft\Edge!MicrosoftRootStoreEnabled |
Machine | Allow listed sites to connect to specific HID devices | HKLM\Software\Policies\Microsoft\Edge!WebHidAllowDevicesForUrls |
Machine | Allow listed sites to connect to any HID device | HKLM\Software\Policies\Microsoft\Edge\WebHidAllowAllDevicesForUrls |
Machine | Automatically grant permission to these sites to connect to HID devices containing top-level collections with the given HID usage | HKLM\Software\Policies\Microsoft\Edge!WebHidAllowDevicesWithHidUsagesForUrls |
User | Allow clipboard use on specific sites | HKCU\Software\Policies\Microsoft\Edge\ClipboardAllowedForUrls |
User | Block clipboard use on specific sites | HKCU\Software\Policies\Microsoft\Edge\ClipboardBlockedForUrls |
User | Default clipboard site permission | HKCU\Software\Policies\Microsoft\Edge!DefaultClipboardSetting |
User | (Deprecated) Determines whether the Microsoft Root Store and built-in certificate verifier will be used to verify server certificates | HKCU\Software\Policies\Microsoft\Edge!MicrosoftRootStoreEnabled |
User | Allow listed sites to connect to specific HID devices | HKCU\Software\Policies\Microsoft\Edge!WebHidAllowDevicesForUrls |
User | Allow listed sites to connect to any HID device | HKCU\Software\Policies\Microsoft\Edge\WebHidAllowAllDevicesForUrls |
User | Automatically grant permission to these sites to connect to HID devices containing top-level collections with the given HID usage | HKCU\Software\Policies\Microsoft\Edge!WebHidAllowDevicesWithHidUsagesForUrls |
To gain more control over the browser and your PC, you can install this security baseline using the given steps:
- Open the page for Microsoft Security Compliance Toolkit 1.0 and click Download.
- Select Microsoft Edge v107 Security Baseline.zip.
Check the box next to Microsoft Edge v107 Security Baseline.zip (and any other baselines you may require) and then click Next.
- Extract the downloaded file.
Your download should now begin. When downloaded, extract the files into a separate folder.
- Navigate to the following location within the extracted folder:
Microsoft Edge v107 Security Baseline >> Scripts
- Run Baseline-LocalInstall with PowerShell.
Right-click Baseline-LocalInstall and click on Run with PowerShell from the context menu.
To run the baseline for Active Directory, you should run the Baseline-ADImport script instead.
The script will now run automatically. Wait for the PowerShell window to close on its own, and the security baseline for Microsoft Edge 109 will now be installed.
Conclusion
Microsoft Edge 109 does not introduce any significant new features. However, it does address some critical and high-level vulnerabilities that could potentially be exploited. Therefore, it is recommended that you update your Edge browser immediately to keep your system safe.
Microsoft Edge Update History
Edge Version | Release Date | Features |
---|---|---|
Edge 109 | 13-Jan-23 | 14 security updates, 8 new policies, and 2 deprecated policies. |
Edge 108 | 5-Dec-22 | Important security fixes, a new policy to disable Web Select amongst others. |
Edge 107 | 27-Oct-22 | Improved sidebar, new policies, and security fixes. |
Edge 106 | 3-Oct-22 | Improved web defense and increased the maximum number of search results to 4 |
Edge 105 | 2-Sep-22 | Improvements to IE mode and enhanced security |
Edge 104 | 5-Aug-22 | Support to import data and enhanced security on the web |
Edge 103 | 23-Jun-22 | Improvements for online and web gaming |
Edge 102 | 31-May-22 | With reverse image search and security improvements |
Edge 100 | 1-Apr-22 | Sends 3-digit user agent string, PDF updates, and hardware-enforces stack protection |
Edge 99 | 3-Mar-22 | Custom primary password and PDF navigation |
Edge 98 | 4-Feb-22 | Edge Bar, reduced resource consumption |
Edge 97 | 6-Jan-22 | Auto-citation, endpoint data loss prevention (DLP) |
Edge 96 | 10-Dec-21 | Super duper secure mode, typosquatting |
Edge 90 | 15-Apr-21 | SSO, PDF printing |
Edge 88 | 21-Jan-21 | Password generator, transparent privacy controls |