Computer Configuration > Administrative Templates > Microsoft Edge > Content settings
Both
HKLM\Software\Policies\Microsoft\Edge
Define a list of sites, based on URL patterns, that aren't allowed to run JavaScript. If you don't configure this policy, 'DefaultJavaScriptSetting' (Default JavaScript setting) applies for all sites, if it's set. If not, the user's personal setting applies. For detailed information on valid url patterns, please see https://go.microsoft.com/fwlink/?linkid=2095322. Wildcards, *, are allowed. Note that this policy blocks JavaScript based on whether the origin of the top-level document (usually the page URL that is also displayed in the address bar) matches any of the patterns. Therefore this policy is not appropriate for mitigating web supply-chain attacks. For example, supplying the pattern `https://[*.]foo.com/` will not prevent a page hosted on, say, `https://contoso.com` from running a script loaded from `https://www.foo.com/example.js`. Furthermore, supplying the pattern `https://contoso.com/` will not prevent a document from `https://contoso.com` from running scripts if it is not the top-level document, but embedded as a sub-frame into a page hosted on another origin, say, `https://www.fabrikam.com`. Example value: https://www.contoso.com [*.]contoso.edu