Internet Explorer 11 is disabled or removed (Intune)
🔐 Why ACSC Recommends Disabling IE11:
⚠️ 1. End of Support
-
Microsoft officially ended support for IE11 on June 15, 2022 (for most versions of Windows 10).
-
No more security updates, patches, or stability fixes.
⚠️ 2. High Exploit Target
-
IE11 has a long history of critical vulnerabilities, such as:
-
Remote code execution (RCE)
-
Memory corruption
-
ActiveX/Flash abuse
-
-
Attackers often use IE-specific exploits in phishing and drive-by attacks.
⚠️ 3. Legacy Rendering Engine (Trident)
-
Many exploit kits target older web rendering engines like Trident (used by IE).
-
Even viewing a malicious website could result in compromise without user interaction.
⚠️ 4. ACSC Hardening Guidance
The ACSC includes IE11 disablement as part of:
-
Application Hardening
-
Mitigation of phishing and web-based malware delivery
-
Essential Eight: especially under Application Control and Patch Applications
From ACSC guidance:
“Disabling Internet Explorer mitigates the risk of exploitation of its known vulnerabilities, especially when opening untrusted content such as email attachments or web links.”
⚠️ 5.Settings and Location
| Policy Setting | Value | Location |
|---|---|---|
| Disable Internet Explorer 11 as a standalone browser | Enabled | Administrative Templates → Windows Components → Internet Explorer |
| Disable Internet Explorer 11 as a standalone browser (User) | Enabled | Administrative Templates → Windows Components → Internet Explorer |