Typosquatting is a cyber threat in which the attacker registers a domain strikingly similar to another organization’s domain name. For example, cloudinnfra.net instead of cloudinfra.net. Notice the extra n in the name.
Edge Typosquatting Checker is a security feature designed to mitigate the risks associated with typosquatting by protecting users from typographical errors when entering URLs. This helps prevent users from inadvertently accessing websites that mimic legitimate ones and could be used for malicious purposes.
Microsoft Edge web browser enables the TyposquattingChecker (Website typo protection) feature by default. However, you may want to ensure that users cannot disable this security feature using centralized policy controls.
- For Intune-managed devices:
- Deploy a Configure Edge TyposquattingChecker Settings catalog policy.
- For Active-directory managed devices:
- Create a GPO and use a Configure Edge Website Typo Protection setting.
Website Typo Protection option in Microsoft Edge
You may want first to check if Website typo protection option is enabled or disabled in Edge before you create an Intune or GPO policy. To check and confirm this option, follow the below steps:
- Open MS Edge browser.
- Type edge://settings/privacy in the address bar and press Enter.
- Scroll down to find an option for Website typo protection under the Security section.
- This should be Enabled by default, as shown in the screenshot below.
Configure Edge TyposquattingChecker using Intune
- Sign in to the Intune admin center > Devices > Configuration > Create > New Policy.
- Select Platform as Windows 10 and later
- Profile type as Settings Catalog
- Click on the Create button.
- Basics Tab – Enter the Name and Description of the profile.
- Configuration Settings
- Click on + Add settings
- In the Settings picker, search for TyposquattingChecker.
- Click on the Category Microsoft Edge\Typosquatting Checker settings.
- Check the box for Configure Edge TyposquattingChecker.
- Configure Edge TyposquattingChecker – This is a device based setting which applies to any user who will use the device.
- Configure Edge TyposquattingChecker (User) – It’s a user based setting and can be assigned to selected users only.
- Use the Toggle switch to Enable this setting and click on Next to proceed to the next step. To disable this setting, keep it at its default disabled state and click on Next.
- Scope tags – Click on Next.
- Assignments tab – Select Add groups and select an Entra security group containing Windows 10/11 devices or Entra ID users.
- Review + create – Review the policy summary and click Create.
Sync Intune Policies
The device check-in process might not begin immediately. If you’re testing this policy on a test device, you can manually kickstart Intune sync from the device itself or remotely through the Intune admin center.
Alternatively, you can use PowerShell to force the Intune sync on Windows devices. Restarting the device is another way to trigger the Intune device check-in process.
Monitoring Policy Deployment Progress
- Sign in to the Intune admin center > Devices > Configuration.
- Choose the Device Configuration profile you want to work with, and at the top of the page, you’ll see a quick view of the Success, Failure, Conflict, Not Applicable, and In Progress status.
- Click on View report to access more detailed information.
Configure Edge Website Typo Protection using Group Policy
- Press the Windows key + R to open the Run dialog box.
- Type
gpmc.mscto open the Group policy management console. - Please navigate to the Group Policy Objects, right-click on it, and select New.
- Provide a Name of the GPO, For example, Configure Edge Website Typo Protection.
- Right-click on the newly created Group policy and select Edit.
- Navigate to Computer Configuration > Policies > Administrative Templates > Microsoft Edge > Edge Website Typo Protection Settings, and on the right-hand side, locate the policy setting Configure Edge Website Typo Protection.
Please note that if you cannot find the Microsoft Edge folder in the Group Policy Object (GPO) editor, you may need to download and import the Microsoft Edge ADMX templates on the domain controller first. For detailed instructions, please refer to this step-by-step guide: Download and Import ADMX Templates for Microsoft Edge.
Download and Import Microsoft Edge ADMX Template Files on a Domain Controller
- Double-click on it and Enable this policy. Click on OK to save the changes. If you want to disable the Website Typo Protection setting, select Disabled and click OK to save the changes.
Link the GPO to an Organizational Unit (OU)
After configuring the policy setting, configuring Edge Website Typo Protection, and saving the GPO, you must link it to an organizational unit containing Windows 10/11 computers. To test this GPO initially, link it with an OU containing a few test PCs. Once you confirm the policy is applying successfully, you can expand its scope by linking this GPO with an OU containing production/business user devices.
End User Experience
After the policy has been applied on end user devices, open Edge browser and type edge://settings/privacy in the address bar. Scroll down to the Security section and find the setting Website typo protection, which will be enabled (as configured in the Intune policy) and greyed out.
