Microsoft Edge Privacy Settings: A Configuration Guide for Privacy-Conscious Users
Edge gets a lukewarm reception from privacy advocates, mostly because the Microsoft branding and default integrations — Copilot everywhere, Bing as default search, Shopping suggestions phoning home — paint it as a surveillance-forward product. That characterization is partly fair. But Edge also ships with built-in tracking prevention that Chrome lacks entirely, and for Windows users who don’t want to change browsers, configuring Edge properly results in meaningfully better privacy than accepting the defaults. This is the configuration walkthrough.
Tracking Prevention: The First Stop
Settings → Privacy, search, and services → Tracking prevention.
Three modes:
- Basic. Blocks known malicious trackers only. Everything else passes through. This is not useful from a privacy standpoint.
- Balanced (default). Blocks trackers from sites you haven’t visited. Compatible trackers from sites you have visited are allowed, reducing breakage while providing cross-site tracking protection. For most users, this is a reasonable default.
- Strict. Blocks trackers from all sites regardless of your visit history. Some pages will break, particularly those with embedded widgets or third-party authentication flows.
Set this to Strict and use the “Exceptions” button to add sites that break. Don’t lower the global level because one site breaks.
Below the mode selector: “Blocked trackers” shows what was caught in your current session. This is useful for understanding what’s actually being blocked.
The tracking prevention list is maintained by Microsoft, sourced from Disconnect.me’s tracking protection lists. This is the same source Firefox’s Enhanced Tracking Protection uses, so the coverage is comparable between the two browsers when both are in Strict mode.
Microsoft Data Collection: Turn It Off
Settings → Privacy, search, and services → Personalization & advertising.
Disable: “Allow Microsoft to save your browsing activity including history, usage, favorites, web content, and other browsing data to personalize Microsoft Edge and Microsoft services like ads, search, shopping, and news.”
This is the setting that feeds your browsing history into Microsoft’s advertising profile for you. It should be off.
Settings → Privacy, search, and services → Optional diagnostic data. Turn off. This stops Edge from sending detailed usage telemetry. You’ll still send “Required diagnostic data” (crash reports, basic usage metrics that Microsoft says are minimal). You cannot turn this off entirely in Edge — it’s part of the Windows data collection architecture.
Search and New Tab: Remove Bing
Settings → Privacy, search, and services → Address bar and search. Change default search engine to DuckDuckGo, Brave Search, or another non-Google, non-Bing option. DuckDuckGo and Brave Search both return useful results without the tracking profile.
New tab page: the default displays Microsoft news, weather, and a Bing search bar that submits data to Microsoft. Settings → New tab page → Page layout → Custom, then turn off Feed, Background, Sponsored shortcuts, and Quick links (or adjust to minimal). Alternatively, install a minimal new tab extension.
Copilot and Sidebar: Disable
Edge ships with Copilot (Microsoft’s AI assistant, Bing-powered) as a sidebar panel. Using Copilot sends queries and page context to Microsoft’s servers.
Settings → Sidebar → Copilot. Turn off “Show Copilot button in toolbar.” Settings → Sidebar → Always show sidebar. Turn off. This removes the sidebar entirely and eliminates the Copilot surface.
Settings → Privacy, search, and services → Shopping in Microsoft Edge. Disable “Save time and money with Shopping in Microsoft Edge.” This stops Edge from detecting retail pages and querying Microsoft’s price comparison services.
Password Manager: Configure or Replace
Edge has a built-in password manager that syncs to Microsoft’s cloud (linked to your Microsoft Account). The sync data is encrypted in transit but not end-to-end encrypted — Microsoft can read your passwords.
If you use Edge’s password manager: Settings → Passwords → Password sync. Disable if you don’t want passwords in Microsoft’s cloud. Use local storage only. Note that local-only passwords are not backed up.
Better: use a dedicated password manager like Bitwarden or 1Password and disable Edge’s built-in manager entirely. Settings → Passwords → Offer to save passwords. Turn off.
SmartScreen and Security Settings
Settings → Privacy, search, and services → Security.
Microsoft Defender SmartScreen. Checks downloads and sites against Microsoft’s reputation list. This is legitimately protective — SmartScreen catches phishing pages and malicious downloads. The tradeoff is that download hashes and URLs go to Microsoft. Keep this on unless your threat model specifically excludes Microsoft from trusted parties.
Typosquatting checker. Compares the URL you’re typing against common brand domains. Small privacy cost, small protection benefit. Leave on or off per preference.
Website typo protection. Similar — warns if you appear to have mistyped a domain. The warning does involve sending the URL you’re navigating to Microsoft. Low-risk.
Enhance your security on the web. Three levels: Basic, Balanced, Strict. This enables extra mitigations (RendererCodeIntegrity, Control Flow Guard enforcement) for sites you haven’t explicitly trusted. Balanced is reasonable. Strict breaks some sites that use JIT compilation in ways these mitigations flag.
DNS over HTTPS
Settings → Privacy, search, and services → Security → Use secure DNS. Enable. Choose your provider: Cloudflare (1.1.1.1), Google (8.8.8.8), Quad9, NextDNS, or custom. Avoid “current service provider” if you’re on an ISP that logs DNS.
DoH in Edge works identically to Chrome’s implementation — encrypted DNS queries to the chosen resolver. Same caveats as elsewhere: this hides DNS from your ISP, not from the DoH provider, and does not hide the sites you visit from network observers looking at TLS SNI.
InPrivate Mode: What It Does and Doesn’t Do
Edge’s InPrivate mode does: clear cookies, history, and form data when the window closes; prevent history from persisting to your profile.
Edge’s InPrivate mode does not: hide your IP address, prevent sites from fingerprinting you, hide traffic from your ISP or network, or prevent websites from knowing who you are if you log in. Microsoft’s published documentation acknowledges that in InPrivate mode, browsing activity may still be visible to your organization (if you’re on a managed device) and to websites you visit.
InPrivate is useful for: using shared computers, keeping a session separate from your main profile, quick searches you don’t want in history. It is not useful as a privacy tool against network observers or persistent tracking.
Extensions Worth Adding
Edge supports Chrome Web Store extensions. A short list of additions that complement the configuration above:
- uBlock Origin — Content-blocking extension that operates at the network request level. Install from the Chrome Web Store; works identically in Edge. gorhill/uBlock on GitHub has documentation on the filter lists and advanced configuration.
- Firefox Multi-Account Containers equivalent: Edge doesn’t have this natively. Some users use multiple Edge profiles to achieve similar isolation.
Note: Edge’s Tracking Prevention already blocks many things uBlock Origin would catch. Running both adds depth, not duplication — uBlock handles cosmetic filtering, element hiding, and custom filter lists that Tracking Prevention doesn’t cover.
What This Configuration Achieves
After applying: Strict Tracking Prevention, disabling personalization data collection, removing Bing/Copilot integration, configuring DoH, and installing uBlock Origin, Edge becomes a meaningfully more private browser than default. You’re blocking most cross-site tracking, not feeding Microsoft an ad profile, not sending search queries to Bing, and encrypting DNS.
What it doesn’t do: protect against IP-based tracking, sophisticated first-party fingerprinting, or Microsoft’s required telemetry. For those concerns, a Firefox or Brave configuration offers more control.
FAQ
Is Edge private enough for banking? With Strict tracking prevention and SmartScreen on, Edge is fine for banking. The question is whether you’re comfortable with Microsoft receiving your browsing telemetry. For most banking contexts, the threat model is phishing and malicious downloads, not telemetry — SmartScreen helps with both.
Does Edge send my browsing history to Microsoft by default? With the default “Personalization & advertising” setting on: yes, in aggregated form for ad targeting. With it disabled: basic telemetry (crash reports, feature usage metrics) but not browsing history.
Should I sign into my Microsoft Account in Edge? If you need sync across devices, signing in is convenient. If you’re privacy-focused, don’t sign in — it links your browsing session to your Microsoft identity. You can use Edge without an account.
How does Edge compare to Firefox for privacy after configuration?
Firefox with Strict ETP configured gives more granular control and benefits from better extension protections (less restricted webRequest API under MV3). Edge is more convenient for Windows users already in the Microsoft ecosystem. Both beat Chrome defaults substantially.