If you are using Microsoft Intune as your MDM solution to manage mobile devices, you will certainly hit the requirement of managing Internet access using Managed Browser policies to allow or block URLs, add bookmarks, and set a home page.
The Intune Managed Browser is a web browsing application that you can download from public app stores (Apple App Store or Google Play Store) for use in your organization. Since this app integrates with the Intune SDK, you can also apply app protection policies to it, such as controlling cut, copy, and paste.
If you allow end users to use the Managed Browser for corporate use, you must apply app protection policies and restrict managed apps to open URLs in the Intune browser.
If you are controlling the data in managed apps using app protection policies, you have the option of opening URLs from within the managed apps in the Intune browser, so it is good practice to configure which URLs are allowed and which are blocked for security reasons.
In this blog post, we will see how to bookmark, set a homepage, and allow and block certain URLs for the Managed Browser.
1. Log in to www.portal.azure.com
2. Click on the Intune node, then browse to Mobile apps, App Configuration Policies (https://portal.azure.com/#blade/Microsoft_Intune_Apps/MainMenu/14/selectedMenuItem/Overview)
Or you can click on the Intune App Protection node (this node will soon be removed, after which you must use the option above) and, under App management, click on App Configuration (https://portal.azure.com/#blade/Microsoft_Intune/SummaryBlade/2)
3. Click on Add Config and supply a name and description.
4. Under select required app, choose Managed Browser (ManBro) for both iOS and Android, then click OK.
5. Under Configuration, first identify the URLs that you want to allow. If you have a requirement to block certain URLs, follow the steps above and change the name to block.
You need to supply two values in the configuration: 1. Name and 2. Value
Key Name to Allow URL’s:
Key Name to block URL’s:
I want to allow a couple of URLs that Intune users access via the browser. Multiple URLs are separated by the pipe character (|):
http://eskonr.com/*|https://*.microsoft.com/*|https://expenses.contoso.com|http://www.eskonr.com:8080
http://eskonr.com/* --> Match all URLs that begin with eskonr.com
https://*.microsoft.com/* --> Match all subdomains under
http://www.eskonr.com:8080 --> Match a single web page that contains a port number
To allow authentication, and access to Intune documentation, *.microsoft.com is exempt from the allow or block list settings. It is always allowed.
If you want to block any specific URLs, add the above values in the block list key value.
How to bookmark specific URLs?
Key Name to bookmark:
microsoft.intune.mam.managedbrowser.homepage
Values:
Cyberark|https://cybr.intranet.asia/PasswordVault/default.aspx||Eswar Koneti Blog|http://www.eskonr.com
Each bookmark consists of the bookmark title, and the bookmark URL. Separate the title, and URL with the | character.
To configure multiple bookmarks, separate each pair with the double character, ||
6. Click Save, go to Assignments and add the group that should receive these settings.
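
A pre-flight check for the two value formats described in step 5 and the bookmark section, as an added example that is not part of the original post or of Intune. The function names are hypothetical, and the allow-list coverage check is a host-level approximation, not the Managed Browser's own matching logic.

```python
from fnmatch import fnmatchcase
from urllib.parse import urlsplit

# Values copied from the post above
ALLOW = ("http://eskonr.com/*|https://*.microsoft.com/*|"
         "https://expenses.contoso.com|http://www.eskonr.com:8080")
BOOKMARKS = ("Cyberark|https://cybr.intranet.asia/PasswordVault/default.aspx||"
             "Eswar Koneti Blog|http://www.eskonr.com")

def parse_url_list(value):
    """Split an allow/block list value on '|'; return (patterns, warnings)."""
    patterns, warnings = [], []
    for raw in value.split("|"):
        pattern = raw.strip()
        parts = urlsplit(pattern)
        if not pattern:
            warnings.append("empty entry (stray '|')")
        elif parts.scheme not in ("http", "https") or not parts.netloc:
            warnings.append(f"{pattern}: not an http(s) URL pattern")
        else:
            if parts.scheme == "http":
                warnings.append(f"{pattern}: plain http, no transport encryption")
            patterns.append(pattern)
    return patterns, warnings

def parse_bookmarks(value):
    """Split 'title|url||title|url' into (title, url) pairs plus warnings."""
    bookmarks, warnings = [], []
    for pair in value.split("||"):
        fields = [f.strip() for f in pair.split("|")]
        if len(fields) != 2 or not all(fields):
            warnings.append(f"{pair!r}: expected 'title|url'")
        elif urlsplit(fields[1]).scheme not in ("http", "https"):
            warnings.append(f"{fields[0]}: URL is not http(s)")
        else:
            bookmarks.append((fields[0], fields[1]))
    return bookmarks, warnings

def uncovered_bookmarks(bookmarks, patterns):
    """Titles of bookmarks whose scheme+host match no allow-list pattern.
    Assumption: host-level wildcard check for review, not the browser's matcher."""
    allowed = [(urlsplit(p).scheme, urlsplit(p).netloc.lower()) for p in patterns]
    missing = []
    for title, url in bookmarks:
        u = urlsplit(url)
        if not any(u.scheme == s and fnmatchcase(u.netloc.lower(), h) for s, h in allowed):
            missing.append(title)
    return missing
```

Run against the sample values from the post, the check flags the two plain-http allow entries and reports that neither bookmark host is covered by the sample allow list, which is worth catching before assigning the policy to a group.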
End User Experience:
After you create the configuration and assign it to a group (list of users), open the Intune browser on a mobile device that is enrolled or MAM-WE (without enrollment), and you will see the homepage and bookmark changes that we configured.
If you try to access a URL in the browser that is not allowed, you will see a message saying the URL is blocked. Until you go back to the settings and allow it, the user cannot open the URL using the Intune browser.
References:
https://docs.microsoft.com/en-us/intune/app-configuration-managed-browser
4 Comments
Hi Eswar,
Great article!
I wonder if you know if this method can also be used to always clear cached user data on sign out of O365 apps on Android?
I have Samsung tablets which are shared by a few people. Once you have logged on once it retains your details and therefore can select your username from the login drop-down. If you select the wrong name it will auto sign you in to the other person's account. If I could even set it to force re-entry of the password every time, that would be a super successful result.
Kind Regards
Ian M
Hi Ian,
Intune does not support shared mobile devices. It must be managed by a single user account for now. If the mobile device is MAM-WE or enrolled, it cannot be operated by a different account.
But upon wipeout or reset of the mobile device, all the user data will be gone.
Thanks,
Eswar
I'm having Android devices work place joined... Do I need anything else?
I have created the same configuration as stated in this guide - but no bookmarks are shown in the Managed Browser??
Hi,
Please do check if you have selected managed browser in the app protection policy and that is being applied to users/groups correctly.