Exporting saved passwords from Microsoft Edge allows users to download all stored credentials as a CSV file. While this feature is convenient for personal use, it introduces security risks in shared or organizational environments, such as the potential for unauthorized data exfiltration. Administrators can block this capability using built-in policy controls, ensuring that users cannot export passwords from the browser’s password manager. This guide outlines the most effective methods to prevent password exports, covering both Group Policy and Registry Editor approaches.

Disable Password Export Using Local Group Policy Editor

Step 1: Launch the Local Group Policy Editor by pressing Win + R, typing gpedit.msc, and pressing Enter. This tool is available on Windows 10/11 Pro, Enterprise, and Education editions. If you have not yet installed the Microsoft Edge administrative templates, download and integrate the ADMX/ADML files from Microsoft’s official site so Edge policies appear in the editor.

Step 2: In the policy editor, navigate to Computer Configuration > Administrative Templates > Classic Administrative Templates (ADM) > Microsoft Edge > Password manager and protection. This section contains all policies related to password management in Edge.

Step 3: Locate the setting called Enable exporting saved passwords from Password Manager. Double-click to open its properties. Select the Disabled option to block users from exporting passwords. Click Apply and then OK to enforce the change. This action immediately removes the export button from the password manager interface in Edge for all affected users.

Policy changes typically apply after a system restart or by running gpupdate /force from the command prompt. Confirm the export button is absent in edge://settings/passwords or edge://wallet/passwords.

Block Password Export via Windows Registry Editor

On devices without access to Group Policy (such as Windows Home editions), you can set the policy directly in the Windows Registry. This method achieves the same effect and is suitable for individual machines.

Step 1: Open the Registry Editor by pressing Win + R, typing regedit, and pressing Enter. Approve the User Account Control prompt to proceed.

Step 2: In the Registry Editor, browse to HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Edge. If the Edge key does not exist, right-click the Microsoft folder, select New > Key, and name it Edge.

Step 3: Right-click the Edge key, choose New > DWORD (32-bit) Value, and name it PasswordExportEnabled. Double-click this entry and set its value to 0 (zero). This disables the password export feature for all Edge profiles on the device.

Close the Registry Editor and restart Microsoft Edge. The export option will no longer be available in the password manager settings.

Additional Security Considerations and Recommendations

Blocking password export is an effective way to reduce the risk of large-scale credential leaks, but it does not address all security concerns. Users with access to the device and knowledge of the device password may still be able to reveal individual passwords, provided they can authenticate. For stronger protection, consider these additional measures:

  • Disable Edge’s built-in password manager entirely by setting the PasswordManagerEnabled policy to 0 via Group Policy or Registry. This prevents Edge from saving any new passwords.
  • Encourage users to sign in with their own Windows accounts, especially on shared devices, to avoid cross-user access to stored credentials.
  • Educate users about the importance of device security, including locking screens and avoiding password reuse.
  • Consider transitioning to a dedicated password manager with advanced access controls, audit trails, and cross-platform support for organizational use.

Microsoft Edge also supports requiring device authentication before autofilling or exporting passwords, which adds a layer of deterrence. However, this relies on the secrecy of the device password and does not prevent all forms of credential access if the device is compromised or malware is present.

By configuring the appropriate policy or registry setting, administrators can reliably block users from exporting saved passwords in Microsoft Edge, reducing the risk of mass credential leaks and improving control over sensitive account data.