Microsoft Edge browser is secure ,manageable and provides rich browsing experience. Using a protected browser with Intune policy (Microsoft Edge), you can ensure company resources are always accessed with corporate safeguards in place. This ties back to your O365 Identity.
You can use Microsoft Edge for enterprise scenarios on iOS and Android devices. Microsoft Edge supports all of the same management scenarios as the Intune Managed Browser with the addition of improvements to end-user experience.
The following Microsoft Edge enterprise features enabled by Intune policies are available. These enterprise features include:
- Dual-Identity - Users can add both a work account, as well as a personal account, for browsing. There is complete separation between the two identities, which is similar to the architecture and experience in Office 365 and Outlook. Intune admins will be able to set the desired policies for a protected browsing experience within the work account.
- Intune app protection policy integration - Admins can now target app protection policies to Microsoft Edge, including the control of cut, copy, and paste, preventing screen captures, and ensuring that user-selected links open only in other managed apps.
- Azure Application Proxy integration - Admins can control access to SaaS apps and web apps, helping ensure browser-based apps only run in the secure Microsoft Edge browser, whether end users connect from the corporate network or connect from the Internet.
- Managed Favorites and Home Page shortcuts - For ease of access, admins can set URLs to appear under favorites when end users are in their corporate context. Admins can set a homepage shortcut, which will show as the primary shortcut when the corporate user opens a new page or a new tab in Microsoft Edge.
we have users who are still on managed browser ,who access on-premise applications published through Azure AD app proxy securely .
Before we switch users to to Microsoft Edge ,we need to ensure Edge is capable of handling DLP along with what managed browser does. Edge does many things compared to managed browser (listed above), however ,DLP is one of the main concern .
After spending quite some time on DLP and other functionality testing on edge, we have finally decided to release Edge to users.
Since client is on MAM scenario (no device enrollment), we need educate /send COMM's to users to install Microsoft Edge from playstore/apple store .This is manual task for users since no device management and it is only MAM.
Once user install the Edge browser ,how do we make Edge as default browser and switch all URL’s to open automatically with Edge instead of Managed browser ? we have 2 options 1) Educate users uninstall managed browser 2)Keep both the apps and make changes on intune side.
we do not want to instruct users to uninstall managed browser at this point of time and keep edge and managed browser for time being .
While releasing Edge to users ,we need to make sure all URL’s from managed apps open with Edge browser.
If users have only Edge or managed browser then no additional configuration is required ,you can skip this post.
This post is useful for those who are looking to configure edge as default browser and take over the control from managed browser.
Leaving managed browser on user devices gives some flexibility to go back incase edge has some issues opening URL’s. Technically there shouldn’t be need to use but we just leave it for a while .
Following are the steps to make Edge as default browser over Managed browser on iOS and Andriod:
Steps:
1. Login to Portal.azure.com and browse to Intune App protection https://portal.azure.com/#blade/Microsoft_Intune_Apps/MainMenu/0 OR https://devicemanagement.Microsoft.com ,click Client Apps ,click on App Configuration Policies
2.Leave the existing configuration policies that are configured for managed browser ,click on ADD to create one for edge browser .
Click on Add
Provide the Name, description
device enrollment type, i choose Managed apps because no device enrollment and it is only MAM
Associate App, Choose the applications that you want to open the URL’s with edge browser . If you don't choose the apps in this section ,then clicking URL from outlook,teams,yammer will not open automatically with Edge browser.
I choose all the apps that are managed by intune.
Configuration Settings:
com.microsoft.intune.useEdge true
This is main setting to ensure Microsoft Edge is being opened instead of Managed Browser, for all Intune managed apps with a policy-managed browser required.
Additional configuration settings that would help are:
com.microsoft.intune.mam.managedbrowser.AppProxyRedirection true
com.microsoft.intune.mam.managedbrowser.bookmarks Eskonr|http://eskonr.com||AppCatalog|https://portal.manage.microsoft.com||Diagnostic|about:intunehelp
com.microsoft.intune.mam.managedbrowser.homepage http://eskonr.com
com.microsoft.intune.mam.managedbrowser.AllowListURLs http://*.apac.asia/*|https://*.akamaized.net/*|https://*.msocdn.com/*|https://*.msappproxy.net/*|
With this ,we are not yet completed. There is another configuration we will have to do (if not done) .
In your App protection policies (iOS and Andriod) , you need to make sure , Edge is selected for iOS and Andriod with the following min setting:
In app protection policy, Data protection, there is setting called send Org data to other apps : Policy managed apps.
Share web content with policy managed browser: Enable
These 2 settings will help to open URL’s from intune managed apps with Edge browser automatically irrespective of whether user device has both edge and managed browser.
End user experience:
When user click on any URL from managed app ,it will automatically launch the URL in edge browser.
If users don't have edge on their mobile device and when clicking on the URL ,they will see the following screen to get Edge app since the URL opens only with Edge as per our app configuration.
One way ,it is good to force users to install edge on their devices.
Reference: https://docs.microsoft.com/en-us/intune/app-configuration-managed-browser
22 Comments
notting.
Does this require Managed Google Play? Can Android Device Manager enrolled devices use this policy to enforce the use of Edge?
Nope,you dont need the managed google play. you can go with MAM-WE as well.
Thanks,
Eswar
We have an issue as we started integrating more and more apps to Intune. Already have "com.microsoft.intune.useEdge" set to true.
Issue:
When I launch the app, it opens device default browser (Safari in iOS and Chrome in Android) where it prompts me to enter user credentials. When I enter the credentials, I get error "You can't access this from here". This is because we have a Conditional Access policy which block access from unmanaged browser. Conditional Access policy only allow access from Edge. Anser I am getting from Microsoft is "MSAL is using Safari as default browser" which doesn't make sense.
We have this issue with one of Line of Business app, Cisco Jabber for Intune and Service Now.
Any insight in to this would help.
do we need to include edge and intune managed browser in target apps for configuration profiles. i want to make edge as default browser, in my ios device is working as expected but in android device
Hi,
You dont need both .since your requirement is to have edge as primary browser for work account and manage by intune. If you select both edge and managed browser ,then ensure you configure the setting to make edge as default.
Run the app protection policies for user and see what policies are applying .
Thanks.
Eswar
Hi, sorry i dont see your questions. I get no error. Weblinks distributed by intune are still open in managed browser and not in edge. Yes i configure the policys like you describe... Links from Outlook are open in edge. unfortunately the Weblinks are very important for us.
Hi,
Following are the steps to open all URL's in edge browser instead of managed browser.
1.Create app configuration with the settings listed in browser. This will make sure the edge is taken over managed browser . Apply the policy to AD sec group (users).
2.Create app protection policy and choose edge and other managed apps that you want the URL's to be launch automatically using edge browser. Apply the policy to users.
If the above are configured but still not working then check the app protection policy reporting for specific user and see if the policies are correctly applied to user or not.
if still nothing happens, then review the app protection policy logs.
Thanks,
Eswar
Hi,
Thanks for the hints. I check app configuration and App Protection Policy.
App Protection Policy reporting for my user is OK! In the app Protection logs i see no problems.
When i open an link from i.e. the outlook-app is open correctoy in edge. So the settings seems to work.
Unfortunately the Weblinks on the iPhone (distributed by intune) still open in managed browser and not in Edge. This is very important for us. Any other ideas. THANKS Joachim
Hi,
you said that , links from outlook are opening in edge but Unfortunately the Weblinks on the iPhone (distributed by intune) still open in managed browser and not in Edge ? what does it mean ?
Opening the URL from edge depends on the policy that you have specified to open from managed apps or all apps.
Thanks,
Eswar
We distribute a weblink i.e. our intranet to our devices. I set the option: "Require a managed browser to open this link." I make all settings wich you describe in this article. when i open i.e. our Intranet from my iPhone (Weblink with intune) still the managed Browser is open and not the edge.
What is the application that are you trying to launch the URL from ? and is that application part of managed app and in-sync with App protection policies along with edge browser. Seems like some settings are missing from the policy.
you can raise a support ticket for intune as it is free and get this checked from the logs.
Thanks,
Eswar
Hi, there is no application. i click the weblink from the surface of the iPhone! It is a icon on the iphone. Probably that is the problem…. i have already raise a ticket,but with no success. i read your article and hope it works as you describe…
If the application or link that open is not managed by intune, how does intune know to launch it with edge unless you set edge as default app for managed/unmanaged apps. I only talked about edge as default for managed apps which are outlook, onedrive teams which are controlled by intune. If Other apps on iphone is not managed by intune app protection policy then it won't work. You need to set edge as default app manually
How can i set edge as default app, so that links are open with edge. is there a way?
Hi,
you can set as per the app configuration policies created and it works only for the managed apps using intune but not for native apps or un-managed apps. Have you tried the steps ?
Thanks,
Eswar
Hi – Nice article. It is working as expected. is there a way to redirect external URLs from outlook to other browser like chrome and safari and only SharePoint online and exchange online URLs to edge browser.
Hi Sumesh , Did you find an answer .
Hi, i make all these steps, but with intune distributed links still not open with edge. Any idea…?
What error do you get? Are they opening with managed browser? What app r u trying to open the url with? Have you configured policies rightly?
hey buddy i have one question in targeted apps for configuration profile do we include edge and intune managed browser too
You can include both of them if you have need to use both and config settings apply to both. By default, managed browser take pirotiy unless you specific edge as default browser