Configure bookmarks ,allow and block URLs for the Managed Browser using intune

If you are using Microsoft intune as MDM solution to manage mobile devices ,you will certainly hit the requirement of managing Internet access using Managed Browser policies with Microsoft Intune to allow or block,bookmark and set home page with certain URL’s.

Intune Managed Browser is a web browsing application that you can download from public app stores (apple store or Google play store) for use in your organization. Since this app has integration with the Intune SDK, you can also apply app protection policies like controlling cut ,copy,paste that comes with intune app protection policies.

If you are allowing end users to use managed browser for corporate use ,you must apply app protection policies and restrict managed apps to open the URL’s in intune browser .

If you are controlling the data on the managed apps using application protection policies ,you have the option of opening the URL within the managed apps using intune browser hence it is good advice to configure URL’s what is allowed and what is blocked for security reasons.

In this blog post ,we will see how to bookmark ,set homepage ,allow and block certain URLs for the Managed Browser .

1. Login to www.portal.azure.com

2.Click on Intune node ,browse through Mobile apps ,App Configuration Policies (https://portal.azure.com/#blade/Microsoft_Intune_Apps/MainMenu/14/selectedMenuItem/Overview)

Or you can also click on Intune app Protection node (soon this node will be removed and you are required to use above option) ,under App management ,click on App Configuration (https://portal.azure.com/#blade/Microsoft_Intune/SummaryBlade/2)

3. Click on Add Config ,supply name and description

4. Under select required app ,choose Managed Browser (ManBro) for both iOS and Andriod,click Ok

5.Under Configuration ,first identify the URL’s that you want to allow .If you have requirement to block certain URL’s ,follow the steps above ,change the name to block.

You need to supply 2 values in the configuration 1.Name and 2.Value

Key Name to Allow URL’s:

Key Name to block URL’s:

I want to allow couple of URL’s that intune users access via browser are separated by (|)

http://eskonr.com/*|https://*.microsoft.com/*|https://expenses.contoso.com|http://www.eskonr.com:8080

http://eskonr.com/* –>Match all URL’s that begin with eskonr.com

https://*.microsoft.com/* –>Match all subdomains under

http://www.eskonr.com:8080 –>match single webpage that contains port number

To allow authentication, and access to Intune documentation, *.microsoft.com is exempt from the allow or block list settings. It is always allowed.

If you want to block any specific URL’s,add the above values in block list key value.

How to bookmarks specific URL’s ?

Key Name to bookmark:

microsoft.intune.mam.managedbrowser.homepage

Values:

Cyberark|https://cybr.intranet.asia/PasswordVault/default.aspx||Eswar Koneti Blog|http://www.eskonr.com

Each bookmark consists of the bookmark title, and the bookmark URL. Separate the title, and URL with the | character.

To configure multiple bookmarks, separate each pair with the double character, ||

6.Click Save,go to assignments and add group who should receive these settings.

End User Experience:

After you create the configuration and assign to group (list of users), on mobile device that was enrolled or MAM-WE(without enrolled) ,open intune browser ,you will see the changes that we configured in homepage ,bookmarks.

If you try to access any URL in the browser which is not allowed ,you will see message saying the URL is blocked. Unless you go back to the setting and allow ,user cannot open the URL using intune browser.

References:

https://docs.microsoft.com/en-us/intune/app-configuration-managed-browser

https://docs.microsoft.com/en-us/azure/active-directory/active-directory-application-proxy-get-started#how-to-get-started