Microsoft Edge 146 Introduces IP‑Privacy Controls and Enterprise Local‑Network Access Policies
What Happened – Microsoft released Edge 146 (Stable) on 13 Mar 2026, adding a unified tracking‑prevention setting for InPrivate windows, a Private IP routing feature that masks user IPs, and new Local Network Access (LNA) policies that let admins restrict web‑to‑device traffic. The update also refines the Clear‑Browsing‑Data UI and adds TLS‑cipher‑suite preferences for managed deployments.
Why It Matters for TPRM –
- Enhanced IP‑privacy reduces the risk of third‑party profiling of end‑users, a data‑privacy concern for vendors handling personal data.
- LNA policies give enterprises granular control over browser‑initiated requests to internal assets, mitigating supply‑chain exposure from compromised web content.
- TLS‑cipher‑suite controls help enforce corporate encryption standards across a widely deployed endpoint.
Who Is Affected – All organizations that allow employees to use Microsoft Edge, especially those in regulated sectors (finance, healthcare, government) that rely on strict network segmentation and privacy compliance.
Recommended Actions –
- Verify that your endpoint‑management tools are set to auto‑install Edge 146 or later.
- Review and, if needed, update your browser‑security baselines to incorporate the new LNA policies.
- Align your privacy‑impact assessments with the Private IP feature to ensure it meets GDPR/CCPA expectations.
Technical Notes – The release bundles upstream Chromium security patches (no public CVE IDs disclosed) and introduces:
- Removal of separate tracking‑prevention levels for InPrivate windows.
- “Private IP” routing that tunnels tracker traffic through Microsoft’s Secure Network, obscuring the client’s public IP.
- LNA policies configurable via Edge Enterprise policies (e.g.,
LocalNetworkAccessAllowedIPs). - TLS‑cipher‑suite preference settings for enterprise‑managed browsers.
Source: Help Net Security