
    How to Manage and Configure Intune Managed Browser for DLP (An alternate solution to app configuration with allow block URL)

    By Eswar Koneti | March 09, 3:37 pm | App protection policies

    Introduction:

    The Intune Managed Browser app lets you safely view and navigate web pages that might contain company information, and provides a secure web-browsing experience for Microsoft Office and other apps managed by Microsoft Intune. The browser helps your IT administrator protect company information without restricting your regular web browsing or app experience.

    Intune Managed Browser is not like other browsers (Chrome, Firefox and other third-party browsers). It is a unique browser that does not let you upload any files, which means you can open Gmail, OneDrive or any cloud hosting provider in it but cannot upload files there. Why does this matter? If you are using Microsoft Intune as your mobile device management solution, you must plan and configure the MAM policies (data control) for the Intune browser.

    The scenario below, from my experience, shows how data can leak through the Intune browser and how the approach in this post avoids having to configure allow/block URLs for end users.

    If you configure a MAM policy (data control) with your required application settings for all Intune-supported applications, including Intune Managed Browser, you will experience data leakage issues with the managed browser unless you configure allow/block URLs using App Configuration. Why do I hit DLP issues with the managed browser? If you configure the MAM policy with the following setting (Policy managed apps, or Policy managed apps with paste in), you are allowing data to be copied from OneDrive, Teams, Outlook etc. into Intune Managed Browser. I can open Intune Managed Browser, open Gmail or OneDrive, and copy data from the Intune apps into any of these unmanaged sites to leak it.

    Alternatively, you can configure an allow or block list of URLs, but how many URLs do you configure? There could be tons of URLs that users might want to access, which makes it impossible to cover them all with an allow or block action.

    So what is the solution? If you really care about DLP, I see only one possible solution that can minimize or eliminate DLP issues.

    image

     

    The solution I am going to describe eliminates the need to configure an allow/block list of URLs. It lets users open all links from the managed applications in the browser automatically, and declines the copy/paste option from these managed apps to Intune Managed Browser. I don't see a reason for a user to copy data from managed apps to Intune Managed Browser other than to open links. Feedback is welcome via the comments section.

    Solution:

    When you configure the MAM policy for iOS and Android, do not choose Intune Managed Browser. We will create a separate MAM policy for the browser on iOS and Android.

    Create a MAM policy for iOS/Android (MAM_iOS_IntuneBrowser) for the Managed Browser application with the following settings.

    Targeted apps: choose Managed Browser.

    Policy settings: look out for the primary settings marked with arrows.

     

    image

    With this configuration, we allow users to open any links from the managed applications in Intune Managed Browser but restrict cut, copy and paste.
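
One way to check exported policies against the setup described above (an added example, not from the original post). It assumes the app protection policies were exported as JSON from Microsoft Graph with their targeted apps expanded; the policy data is constructed and the app identifiers are placeholders to replace with the ones in your own export.

```python
import json

# Constructed sample in the shape of a Graph managedAppProtection export.
# App identifiers are placeholders, not real bundle or package IDs.
SAMPLE_EXPORT = json.loads("""
[
  {"displayName": "MAM_iOS_AllApps",
   "allowedOutboundClipboardSharingLevel": "managedAppsWithPasteIn",
   "apps": [{"mobileAppIdentifier": {"bundleId": "example.mail.ios"}},
            {"mobileAppIdentifier": {"bundleId": "example.managedbrowser.ios"}}]},
  {"displayName": "MAM_iOS_IntuneBrowser",
   "allowedOutboundClipboardSharingLevel": "blocked",
   "apps": [{"mobileAppIdentifier": {"bundleId": "example.managedbrowser.ios"}}]},
  {"displayName": "MAM_Android_Office",
   "allowedOutboundClipboardSharingLevel": "managedApps",
   "apps": [{"mobileAppIdentifier": {"packageId": "example.mail.android"}}]}
]
""")

# Assumption: identifiers under which the managed browser appears in the export.
BROWSER_IDS = {"example.managedbrowser.ios", "example.managedbrowser.android"}


def targeted_app_ids(policy):
    """Collect the iOS bundle IDs and Android package IDs a policy targets."""
    ids = set()
    for app in policy.get("apps", []):
        ident = app.get("mobileAppIdentifier") or {}
        for key in ("bundleId", "packageId"):
            if ident.get(key):
                ids.add(ident[key].lower())
    return ids


def audit_browser_policies(policies, browser_ids=BROWSER_IDS):
    """Return (policy name, issue) pairs for policies that cover the browser."""
    findings = []
    for policy in policies:
        ids = targeted_app_ids(policy)
        if not ids & browser_ids:
            continue  # policy does not target the managed browser
        name = policy.get("displayName", "<unnamed>")
        if ids - browser_ids:
            findings.append((name, "browser shares a policy with other apps"))
        level = policy.get("allowedOutboundClipboardSharingLevel")
        if level != "blocked":
            findings.append((name, f"clipboard level is {level!r}, not 'blocked'"))
    return findings


if __name__ == "__main__":
    for name, issue in audit_browser_policies(SAMPLE_EXPORT):
        print(f"{name}: {issue}")
```
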

    If you want to configure an allow/block list of URLs, I blogged about it previously here: http://eskonr.com/2017/12/configure-bookmarks-allow-and-block-urls-for-the-managed-browser-using-intune/

    Until Next!

     

     
