Microsoft Edge 150 did not kill Microsoft’s admin policy for AI-enhanced History search. That leaves IT teams with a harder question: which browser AI controls are actually enforced across managed devices?
Microsoft’s policy catalog still lists EdgeHistoryAISearchEnabled as an available control, even as recent reporting says Microsoft has paused the AI-powered history search feature for now. The policy’s status gives security and endpoint teams a reason to review Edge AI controls, search suggestions, Copilot page access, account sign-ins, and extension permissions.
Edge AI history search is still a policy issue
The Edge policy catalog lists three new policies for Edge 150 and names DisabledMiniApps as the only obsoleted policy for that version. EdgeHistoryAISearchEnabled still appears in the available policy list.
The EdgeHistoryAISearchEnabled policy controls whether users can use AI-enhanced search in Edge browsing history. When enabled or left unconfigured, it lets users search History with synonyms, natural language phrases, and minor spelling errors. When disabled, History search is limited to exact matches.
Microsoft lists the policy as supported on Windows and macOS starting with Edge 138. For teams managing Edge through Group Policy, Intune, or another policy channel, the policy is mandatory, dynamically refreshable, and per-profile.
Recent Edge changes, including the removal of Edge Collections in version 149, make version-by-version policy review more than a routine update check.
An account caveat creates a separate enforcement risk. The policy page says the control does not apply to profiles signed in with a personal Microsoft account. Microsoft also says that, starting with Edge 116, certain policies do not apply to profiles signed in with a Microsoft account.
Browser history can expose client names, internal tools, legal research, health-related searches, deal activity, unreleased product work, or regulated workflows, leaving security teams to prove which Edge profile, extension, or AI surface had access to that data.
Search, Copilot, and extensions need a privacy audit
Start with search suggestions. Microsoft’s SearchSuggestEnabled policy says that when web search suggestions are disabled, typed characters and visited URLs are not included in telemetry to Microsoft. If the policy is unset, users can change the setting.
Microsoft’s privacy statement says Bing-powered searches can use search or command text, IP address, location, cookie identifiers, time and date, and browser configuration to complete a request. It also says Microsoft collects characters typed for search suggestions and that search suggestions cannot be turned off in the Windows 10 and Windows 11 search box.
Copilot settings need a separate review. The EdgeEntraCopilotPageContext policy controls whether Copilot in the Edge side pane can access page content and browsing history for Entra account profiles. If the policy is not configured, access is enabled by default outside the EU and disabled by default in the EU.
That policy review fits into broader Copilot governance concerns, including a recent Italian investigation into Microsoft 365 pricing tied to Copilot.
Microsoft 365 Copilot is governed separately from consumer search and browsing experiences. Microsoft says in its Microsoft 365 Copilot privacy documentation that prompts, responses, and data accessed through Microsoft Graph are not used to train foundation large language models and remain within the Microsoft 365 service boundary.
Third-party browser extensions also belong in the audit, especially after researchers linked 105,000 Chrome installs to hidden data logging and fake traffic. UC Davis researchers found that some popular AI browser assistant extensions collected full page HTML, form inputs, user queries, telemetry, or demographic inferences.
Security teams should inventory AI extensions, restrict unapproved assistants, document personal Microsoft account use in Edge profiles, and confirm whether EdgeHistoryAISearchEnabled, SearchSuggestEnabled, and Copilot page-context policies are explicitly configured.
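One way to run the last of those checks on a Windows endpoint, as an added example that is not Microsoft's tooling or part of the original reporting: it reports whether each of the three policies is explicitly set or left unset, with the unset behavior as described above. It assumes Edge policies are delivered to the standard registry keys under HKLM and HKCU `SOFTWARE\Policies\Microsoft\Edge`; the function name `Get-EdgeAiPolicyState` is hypothetical, and the script does not cover macOS or detect personal Microsoft account profiles.

```powershell
# Added example: audit whether the Edge AI-related policies are explicitly configured.
# Assumption: policies arrive via the standard Edge policy registry keys on Windows.
$policies = [ordered]@{
    # Policy name                = what "not configured" means, per the article
    EdgeHistoryAISearchEnabled  = 'unset: AI-enhanced History search is allowed'
    SearchSuggestEnabled        = 'unset: the user can change the setting'
    EdgeEntraCopilotPageContext = 'unset: enabled by default outside the EU, disabled in the EU'
}
$roots = [ordered]@{
    Machine = 'HKLM:\SOFTWARE\Policies\Microsoft\Edge'
    User    = 'HKCU:\SOFTWARE\Policies\Microsoft\Edge'
}

function Get-EdgeAiPolicyState {
    foreach ($name in $policies.Keys) {
        # Collect every scope in which the value exists (it may be set in both).
        $hits = foreach ($scope in $roots.Keys) {
            $key = Get-Item -LiteralPath $roots[$scope] -ErrorAction SilentlyContinue
            if ($key -and ($key.GetValueNames() -contains $name)) {
                [pscustomobject]@{ Scope = $scope; Value = $key.GetValue($name) }
            }
        }
        if ($hits) {
            foreach ($h in $hits) {
                [pscustomobject]@{
                    Policy = $name; Scope = $h.Scope; Configured = $true
                    Value  = $h.Value; Note = 'explicitly set'
                }
            }
        } else {
            # Key or value missing in both scopes: the default behavior applies.
            [pscustomobject]@{
                Policy = $name; Scope = '-'; Configured = $false
                Value  = $null; Note = $policies[$name]
            }
        }
    }
}

$report = Get-EdgeAiPolicyState
$report | Format-Table -AutoSize
foreach ($gap in ($report | Where-Object { -not $_.Configured })) {
    Write-Warning "$($gap.Policy) is not explicitly configured ($($gap.Note))"
}
```

A policy reported as explicitly set here can still fail to apply to a profile signed in with a personal Microsoft account, so pair the output with the profile inventory.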
Edge 150 is not a fix for browser AI privacy. It is a prompt to check whether browser history, typed searches, page content, and extension activity are governed by enforceable policy.