Disable or remove Internet Explorer 11
Ensure Internet Explorer 11 is not used to increase security.
Plain language
This control is about stopping the use of Internet Explorer 11 because it is outdated and no longer receives security updates from Microsoft. Without this control, your systems could be more easily attacked by cybercriminals using common hacking tools, putting your data at risk.
Framework
ASD Essential Eight
Control effect
Proactive
E8 mitigation strategy
Application hardening
Classifications
N/A
Official last update
N/A
Control Stack last updated
19 Mar 2026
E8 maturity levels
ML1
Official control statement
Internet Explorer 11 is disabled or removed.
Why it matters
IE 11's lack of security updates makes it an easy target for attackers, potentially leading to data breaches and financial losses.
Operational notes
Regularly audit endpoints to confirm Internet Explorer 11 is uninstalled or disabled, and block iexplore.exe via policy to prevent re-enablement.
Implementation tips
- IT team should regularly review and update the list of approved software to ensure Internet Explorer 11 is no longer included. This involves removing it from any installations or images used in the company.
- System administrators should disable Internet Explorer 11 through Group Policy settings. This can be done by accessing the 'Computer Configuration/Administrative Templates/Windows Components/Internet Explorer' and enabling the 'Disable Internet Explorer 11 as a standalone browser' setting.
- Security officers should communicate with employees about the change, informing them of the risks associated with Internet Explorer 11 and guiding them to use newer, supported browsers like Microsoft Edge.
- IT team should configure application control to block the Internet Explorer executable file 'iexplore.exe' to prevent it from being launched by standard users, even if it is still present on the system.
Audit / evidence tips
- AskHas Internet Explorer 11 been disabled across all systems?
- GoodThe setting is enabled, confirming Internet Explorer 11 is disabled
- AskWhat measures are in place to prevent users from launching Internet Explorer?
- GoodA rule is in place preventing the execution of the 'iexplore.exe' file
Cross-framework mappings
How E8-AH-ML1.1 relates to controls across ISO/IEC 27001, ISO/IEC 42001, Essential Eight, and ASD ISM.
ISO 27001
| Control | Notes | Details |
|---|---|---|
| handshake Supports (1) expand_less | ||
| Annex A 8.8 | E8-AH-ML1.1 requires Internet Explorer 11 to be disabled or removed to reduce known and future technical vulnerability exposure | |
ASD ISM
| Control | Notes | Details |
|---|---|---|
| layers Partially meets (1) expand_less | ||
| ISM-0380 | E8-AH-ML1.1 requires Internet Explorer 11 to be disabled or removed to reduce exposure to a legacy, vulnerable browser | |
| handshake Supports (1) expand_less | ||
| ISM-1915 | E8-AH-ML1.1 requires Internet Explorer 11 to be disabled or removed as a specific approved hardening outcome | |
| link Related (4) expand_less | ||
| ISM-1470 | ISM-1470 requires disabling or removing unneeded components, services and functionality in common applications to minimise exploitable fe... | |
| ISM-1654 | ISM-1654 requires Internet Explorer 11 to be disabled or removed to reduce exposure to insecure or legacy browsing components | |
| ISM-1798 | ISM-1798 requires producing and providing secure configuration guidance for consumers as part of software development | |
| ISM-1858 | ISM-1858 requires IT equipment to be hardened using ASD and vendor hardening guidance, applying the most restrictive guidance if there is... | |
These mappings show relationships between controls across frameworks. They do not imply full equivalence or certification.