
How to Enable or Disable Bypass Enhanced Security Mode in Microsoft Edge


Enhanced Security Mode (ESM) is a security feature in Microsoft Edge that adds another line of protection against malicious websites and memory-based attacks. When enabled, it reduces vulnerability exposure during browsing by applying stricter security settings, turning off Just-In-Time (JIT) compilation, and turning on OS-level mitigations.

By default, users can get around ESM for certain websites if they don’t work properly when ESM is enabled or if they need to access trusted internal sites marked as unfamiliar. However, admins can also turn off this bypass feature in managed environments to enforce a uniform security policy on all endpoints.

This guide will show you how to configure the bypass policy for Microsoft Edge's "Enhance your security on the web" feature to suit your browsing and security needs.

📌 Recommended deployment strategies:

Method 1: Enable or disable via Registry Editor
Method 2: Enable or disable via Command Prompt
Method 3: Enable or disable via PowerShell
Method 4: Enable or disable via Group Policy

How to manage Microsoft Edge enhanced security settings with bypass policy

Before you begin, note that the following methods apply to Windows 10 and 11 systems and require Microsoft Edge version 104 or later.

Method 1: Enable or disable via Registry Editor

This method doesn’t require command-line knowledge and is easier to understand due to its visual interface.

📌 Use Cases: Use this if you’re directly applying the policy on individual systems without Group Policy.

📌 Prerequisites: You must be signed in as an administrator.

⚠️ Warning: Editing the registry can cause system issues. Create a backup before proceeding.

Steps:

  1. Press Win + R to open the Run dialog box.
  2. Type regedit and press Enter to launch the Registry Editor.
  3. Navigate to: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Edge
    •  If the Edge key doesn’t exist:
      1. Right-click Microsoft.
      2. Select New > Key.
      3. Name it Edge.
  4. Right-click on the right pane of the Edge key.
  5. Select New > DWORD (32-bit) Value.
  6. Name it EnhanceSecurityModeAllowUserBypass (Read #1 in ⚠️ Things to look out for.)
  7. Set the value to:
    • 1 – Allow users to bypass Enhanced Security Mode (default behavior).
    • 0 – Prevent users from bypassing Enhanced Security Mode.
  8. Close the Registry Editor and restart Microsoft Edge to apply the changes. (Read #2 in ⚠️ Things to look out for.)

Method 2: Enable or disable via Command Prompt

For users comfortable with command-line tools, this method is fast and scriptable.

📌 Use Cases: Use this if you need to automate changes via a batch script and apply settings across multiple machines.

📌 Prerequisites: Must be run as an administrator.

Steps:

  1. Open Command Prompt as Administrator.
    • Search for cmd, right-click Command Prompt, then select Run as administrator, or
    • Press Win + R, type cmd, and press Ctrl + Shift + Enter to open Command Prompt as administrator.
  2. Use this command to enable user bypass:
    reg add "HKLM\SOFTWARE\Policies\Microsoft\Edge" /v EnhanceSecurityModeAllowUserBypass /t REG_DWORD /d 1 /f

    (Read #1 in ⚠️ Things to look out for.)

  3. Use this command to disable user bypass:
    reg add "HKLM\SOFTWARE\Policies\Microsoft\Edge" /v EnhanceSecurityModeAllowUserBypass /t REG_DWORD /d 0 /f
  4. Restart Microsoft Edge to apply the policy. (Read #2 in ⚠️ Things to look out for.)

Method 3: Enable or disable via PowerShell

For advanced users or IT admins managing configurations at scale, PowerShell also offers a scriptable approach suitable for provisioning and deployment tools.

📌 Use Cases: Use this if you manage settings via automation tools like SCCM, Intune, or deployment scripts.

📌 Prerequisites: Must be run as an administrator.

Steps:

  1. Press Win + S, search for PowerShell, right-click Windows PowerShell, then select Run as administrator. (Read #3 in ⚠️ Things to look out for.)
  2. Use this command to enable user bypass:
    $edgeKeyPath = "HKLM:\SOFTWARE\Policies\Microsoft\Edge"
    # Create the Edge policy key if it does not exist yet
    if (-not (Test-Path $edgeKeyPath)) {
        New-Item -Path "HKLM:\SOFTWARE\Policies\Microsoft" -Name "Edge" | Out-Null
    }
    # 1 = allow users to bypass Enhanced Security Mode
    New-ItemProperty -Path $edgeKeyPath -Name "EnhanceSecurityModeAllowUserBypass" -Value 1 -PropertyType DWord -Force

    (Read #1 in ⚠️ Things to look out for.)

  3. Use this command to disable user bypass:
    $edgeKeyPath = "HKLM:\SOFTWARE\Policies\Microsoft\Edge"
    # Create the Edge policy key if it does not exist yet
    if (-not (Test-Path $edgeKeyPath)) {
        New-Item -Path "HKLM:\SOFTWARE\Policies\Microsoft" -Name "Edge" | Out-Null
    }
    # 0 = prevent users from bypassing Enhanced Security Mode
    New-ItemProperty -Path $edgeKeyPath -Name "EnhanceSecurityModeAllowUserBypass" -Value 0 -PropertyType DWord -Force
  4. Restart Microsoft Edge to apply the changes. (Read #2 in ⚠️ Things to look out for.)

Method 4: Enable or disable via Group Policy

This method is advised for managing policies in enterprise environments or domain-joined systems.

📌 Use Cases: Use this when multiple devices need centralized control and policy enforcement.

📌 Prerequisites:

Steps:

  1. Press Win + R to open the Run dialog box.
  2. Type gpedit.msc and press Enter to launch the Group Policy Editor.
  3. Navigate to: Computer Configuration > Administrative Templates > Microsoft Edge
  4. Find the policy: Allow users to bypass Enhanced Security Mode.
  5. Double-click it and set the policy to:
    • Enabled – Allow bypass.
    • Disabled – Prevent bypass.
  6. Click Apply, then OK.
  7. Restart Edge or run gpupdate /force in Command Prompt to apply the policy immediately. (Read #2 in ⚠️ Things to look out for.)

Verification

After applying the policy, confirm the browser recognizes it.

  1. Open Microsoft Edge.
  2. In the address bar, navigate to edge://policy.
  3. Confirm that the EnhanceSecurityModeAllowUserBypass policy is listed with the correct value.

💡 If it’s missing, the policy didn’t apply.

This step ensures that the browser properly applies and recognizes the policy.
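
The registry side of this check can also be scripted, which helps when auditing many endpoints; it also catches the wrong-value-type case listed under Things to look out for. The following PowerShell is an added example, not code from the original article or from Microsoft. The function name Test-EsmBypassPolicy and its parameters are hypothetical, and it reads only the HKLM path used in Methods 1 to 3; edge://policy remains the check for what the browser actually loaded.

```powershell
# Added example: audit the registry value written by Methods 1-3.
# Test-EsmBypassPolicy is a hypothetical helper name, not an Edge or Windows cmdlet.
function Test-EsmBypassPolicy {
    param(
        [string]$KeyPath   = 'HKLM:\SOFTWARE\Policies\Microsoft\Edge',
        [string]$ValueName = 'EnhanceSecurityModeAllowUserBypass',
        # Value the organization expects: 0 = bypass blocked, 1 = bypass allowed
        [ValidateRange(0, 1)][int]$Expected = 0
    )

    $result = [ordered]@{
        KeyPath   = $KeyPath; ValueName = $ValueName
        Present   = $false;   Kind      = $null;  Data = $null
        Compliant = $false;   Finding   = $null
    }

    if (-not (Test-Path -Path $KeyPath)) {
        $result.Finding = 'Policy key does not exist; Edge uses its default (bypass allowed).'
        return [pscustomobject]$result
    }

    $key = Get-Item -Path $KeyPath   # Microsoft.Win32.RegistryKey
    if ($key.GetValueNames() -notcontains $ValueName) {
        $result.Finding = 'Value is not set; Edge uses its default (bypass allowed).'
        return [pscustomobject]$result
    }

    $result.Present = $true
    $result.Kind    = $key.GetValueKind($ValueName)
    $result.Data    = $key.GetValue($ValueName)

    if ($result.Kind -ne [Microsoft.Win32.RegistryValueKind]::DWord) {
        $result.Finding = "Wrong type '$($result.Kind)'; delete and recreate as REG_DWORD."
    }
    elseif ($result.Data -notin 0, 1) {
        $result.Finding = "Unexpected data '$($result.Data)'; only 0 and 1 are valid."
    }
    elseif ($result.Data -ne $Expected) {
        $result.Finding = "Data is $($result.Data) but $Expected is expected."
    }
    else {
        $result.Compliant = $true
        $result.Finding   = 'Value present with the correct type and expected data.'
    }
    [pscustomobject]$result
}

# Report whether user bypass is blocked on this machine
Test-EsmBypassPolicy -Expected 0 | Format-List
```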

⚠️ Things to look out for

  1. Risk: Incorrect value type or format in Registry or PowerShell.
    • Potential consequence: Policy silently fails or behaves unexpectedly.
    • Reversal: Delete and recreate the value using the correct type and format.
  2. Risk: Forgetting to restart Edge or force a policy refresh.
    • Potential consequence: Policy changes will not take effect immediately.
    • Reversal: Restart Microsoft Edge or run gpupdate /force for Group Policy.
  3. Risk: Applying policies without administrator access.
    • Potential consequence: Permissions error or policy ignored.
    • Reversal: Run Registry Editor, CMD, or PowerShell as an administrator.
  4. Risk: Missing Microsoft Edge ADMX templates in Group Policy.
    • Potential consequence: The target policy is not visible or configurable in GPO.
    • Reversal: Download and install the latest ADMX files from Microsoft’s Edge for Business site.

Additional considerations to avoid misconfiguring Enhanced Security Mode

Here are a few key points you should know to avoid confusion or issues when enabling or disabling the bypass ESM in Microsoft Edge:

Bypass policy is not a global disable

The bypass policy doesn’t entirely disable the Enhanced Security Mode. Instead, it controls whether users can opt out of ESM protections for specific websites. The overall ESM setting remains active and applies based on the configured level (Balanced or Strict).

Disabling ESM entirely requires a separate policy

If you need to disable ESM completely, use a separate policy named EnhanceSecurityMode. This setting can be configured via Group Policy, Registry, PowerShell, or Command Prompt.

Machine-level policies override user settings

When policies are applied at the machine level (Group Policy and Registry), they override any user-configured settings in Edge’s UI. This ensures consistent enforcement, which is ideal for organizations requiring centralized control.

Troubleshooting common Microsoft Edge ESM policy application issues

If you’re facing issues where the policy isn’t working as expected, here are some common problems and solutions:

Policy not taking effect

If the bypass policy isn’t taking effect, double-check the registry path and confirm the value name is formatted correctly. Moreover, restart Microsoft Edge to make sure changes are applied.

Group Policy setting not applying

If the Group Policy setting isn’t applying, ensure the Microsoft Edge ADMX templates are installed and updated. Also, run gpupdate /force in Command Prompt to refresh Group Policy settings.

Policy not showing in Edge

Open Microsoft Edge and check edge://policy to confirm if the policy is loaded and whether it’s considered active. If it’s missing, the policy wasn’t applied correctly.

Secure browsing with flexible control over Microsoft Edge enhanced security

Controlling user access to bypass Enhanced Security Mode (ESM) makes maintaining consistent security standards across managed environments possible. Windows offers several methods to implement this, depending on the use case.

The Registry Editor is ideal for manual control on single systems, while Command Prompt and PowerShell are for scripted deployments. Group Policy remains the most effective option for domain-wide enforcement, allowing centralized and enforced policy management across multiple devices.
