Internet access is blocked in 3rd party browsers on Windows 10 devices that have Windows Information Protection (WIP) policies applied using Intune

For the past few weeks I have been working on Office 365, including the O365 applications Teams and OneDrive, and managing mobile and Windows devices (MDM/MAM) using Intune.

While working on this, I found that on Windows 10 devices that have WIP policies applied, internet access is blocked (access denied) in 3rd party browsers like Google Chrome and Firefox, but it works fine in the Edge and Internet Explorer browsers.

If you try to access the internet in Firefox, Chrome or any other browser (except IE or Edge), you will hit the following error.

Internet Access is blocked

 

To learn more about Windows Information Protection, read the TechNet article https://docs.microsoft.com/en-us/windows/threat-protection/windows-information-protection/protect-enterprise-data-using-wip

To use 3rd party browsers such as Chrome or Firefox, we need to define a Cloud Resource rule and pass through the /*AppCompat*/ variable. This is because when an unenlightened app like Chrome or Firefox tries to connect to a cloud resource through an IP address, Windows can't determine whether it is a corporate location or a personal location, so the default behaviour for Windows is to block all connections. To resolve this, add Cloud Resources as described below, which define the cloud resource locations you want to treat as corporate.

To learn more about how unenlightened apps behave, please read https://docs.microsoft.com/en-us/windows/threat-protection/windows-information-protection/app-behavior-with-wip


How do you allow 3rd party browsers to access the internet? (This does not protect the data in the application; it only allows internet access.)

Log in to www.portal.azure.com

Go to Intune app protection and click on App policy (Intune app protection – App policy), then click on the Windows 10 compliance policy (you will notice Windows as the platform).


On the Windows 10 app protection policy, click on Advanced settings, then click on Cloud resources.


Add |/*AppCompat*/ in the value field and click OK. The position of this value does not matter; you can add it anywhere in the list.

Once you add the value, make sure there is a tick mark on the right-hand side, which confirms that the changes are valid.


Click Save for the advanced settings.

Users on the Windows 10 devices should now be able to access the internet using 3rd party browsers.
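Because /*AppCompat*/ turns off the default block for unenlightened apps, it is worth checking which policies actually carry it. The following is an added example, not part of the original post or any Microsoft tooling: it parses a Cloud resources value, reports whether the exact token is present, and flags mistyped variants. The function names and sample values are constructed, and the optional "domain,proxy" entry form is assumed from Microsoft's documented format.

```python
APPCOMPAT = "/*AppCompat*/"  # token exactly as given in the post


def parse_cloud_resources(value):
    """Parse a '|'-separated Cloud resources value.

    Returns a dict with:
      entries   - list of (domain, proxy_or_None) tuples
      appcompat - True if the exact /*AppCompat*/ token is present
      suspect   - near-miss spellings of the token (e.g. asterisks lost on paste)
    """
    result = {"entries": [], "appcompat": False, "suspect": []}
    for raw in value.split("|"):
        item = raw.strip()
        if not item:
            continue  # stray leading, trailing or doubled '|'
        if item == APPCOMPAT:
            result["appcompat"] = True  # position in the list does not matter
        elif item.strip("/*").lower() == "appcompat":
            result["suspect"].append(item)  # looks like the token, but is not
        else:
            # Assumed entry form: "domain" or "domain,proxy"
            domain, _, proxy = item.partition(",")
            result["entries"].append((domain.strip(), proxy.strip() or None))
    return result


def ensure_appcompat(value):
    """Rebuild the value with the exact token once, dropping near-miss spellings."""
    parsed = parse_cloud_resources(value)
    items = [d if p is None else f"{d},{p}" for d, p in parsed["entries"]]
    return "|".join(items + [APPCOMPAT])


if __name__ == "__main__":
    # Constructed sample values, not taken from any real tenant.
    samples = {
        "policy-a": "contoso.sharepoint.com|/*AppCompat*/|contoso.visualstudio.com",
        "policy-b": "contoso.sharepoint.com,proxy.contoso.com|contoso.visualstudio.com",
        "policy-c": "contoso.sharepoint.com|/AppCompat/",
    }
    for name, value in samples.items():
        p = parse_cloud_resources(value)
        print(f"{name}: appcompat={p['appcompat']} suspect={p['suspect']}")
        print(f"  normalized: {ensure_appcompat(value)}")
```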

Recommended reading

https://docs.microsoft.com/en-us/windows/threat-protection/windows-information-protection/app-behavior-with-wip 

https://docs.microsoft.com/en-au/windows/threat-protection/windows-information-protection/recommended-network-definitions-for-wip

Hope it helps!

6 Responses to "Internet access is blocked on 3rd party browsers on windows 10 devices that are applied with windows information protection (WIP) policies using intune"

  1. Hi,

    I set up the WIP policy and 3rd party web browsers are not blocked.
    I set up the Network perimeter according to the Microsoft document.
    And I haven't set up the /*AppCompat*/ for the cloud resources.
    My experience is that I can still browse through Chrome and Firefox.

    Has the behavior changed, or have I missed something in my setup?

    Thanks
    Cole

    1. Hi,
      To access intranet sites using Chrome on external networks, you must publish them via app proxy and try to use the external-facing URL. You also need to add the extension of the app proxy that you configured into the WIP policy.

      Thanks,
      Eswar
