The Microsoft Edge browser is secure, manageable, and provides a rich browsing experience. Using a protected browser with Intune policy (Microsoft Edge), you can ensure company resources are always accessed with corporate safeguards in place. This ties back to your O365 identity.
You can use Microsoft Edge for enterprise scenarios on iOS and Android devices. Microsoft Edge supports all of the same management scenarios as the Intune Managed Browser with the addition of improvements to end-user experience.
The following Microsoft Edge enterprise features are enabled by Intune policies:
- Dual-Identity - Users can add both a work account, as well as a personal account, for browsing. There is complete separation between the two identities, which is similar to the architecture and experience in Office 365 and Outlook. Intune admins will be able to set the desired policies for a protected browsing experience within the work account.
- Intune app protection policy integration - Admins can now target app protection policies to Microsoft Edge, including the control of cut, copy, and paste, preventing screen captures, and ensuring that user-selected links open only in other managed apps.
- Azure Application Proxy integration - Admins can control access to SaaS apps and web apps, helping ensure browser-based apps only run in the secure Microsoft Edge browser, whether end users connect from the corporate network or connect from the Internet.
- Managed Favorites and Home Page shortcuts - For ease of access, admins can set URLs to appear under favorites when end users are in their corporate context. Admins can set a homepage shortcut, which will show as the primary shortcut when the corporate user opens a new page or a new tab in Microsoft Edge.
We have users who are still on Managed Browser and who securely access on-premises applications published through Azure AD App Proxy.
Before we switch users to Microsoft Edge, we need to ensure Edge is capable of handling DLP along with everything else Managed Browser does. Edge does many things that Managed Browser does not (listed above); however, DLP is one of the main concerns.
After spending quite some time on DLP and other functionality testing on Edge, we have finally decided to release Edge to users.
Since the client is in a MAM scenario (no device enrollment), we need to educate users and send comms asking them to install Microsoft Edge from the Play Store or the Apple App Store. This is a manual task for users, since there is no device management and it is MAM only.
Once users install the Edge browser, how do we make Edge the default browser and switch all URLs to open automatically with Edge instead of Managed Browser? We have two options: 1) educate users to uninstall Managed Browser, or 2) keep both apps and make changes on the Intune side.
We do not want to instruct users to uninstall Managed Browser at this point, so we will keep both Edge and Managed Browser for the time being.
While releasing Edge to users, we need to make sure all URLs from managed apps open with the Edge browser.
If users have only Edge or only Managed Browser, no additional configuration is required and you can skip this post.
This post is useful for those who are looking to configure Edge as the default browser and take over control from Managed Browser.
Leaving Managed Browser on user devices gives some flexibility to go back in case Edge has issues opening URLs. Technically there shouldn't be a need to use it, but we are leaving it for a while.
The following are the steps to make Edge the default browser over Managed Browser on iOS and Android:
1. Log in to Portal.azure.com and browse to Intune App protection https://portal.azure.com/#blade/Microsoft_Intune_Apps/MainMenu/0 OR https://devicemanagement.Microsoft.com, click Client Apps, then click App Configuration Policies.
2. Leave the existing configuration policies that are configured for Managed Browser in place, and click Add to create one for the Edge browser.
Click on Add.
Provide the name and description.
Device enrollment type: I chose Managed apps, because there is no device enrollment and it is MAM only.
Associated app: choose the applications whose URLs you want to open with the Edge browser. If you don't choose the apps in this section, then clicking a URL from Outlook, Teams, or Yammer will not open automatically with the Edge browser.
I chose all the apps that are managed by Intune.
This is the main setting to ensure Microsoft Edge is opened instead of Managed Browser for all Intune-managed apps that require a policy-managed browser.
Additional configuration settings that would help are:
With this, we are not yet done. There is another configuration we have to do (if not done already).
In your app protection policies (iOS and Android), you need to make sure Edge is selected for iOS and Android with the following minimum settings:
In the app protection policy, under Data protection, there is a setting called Send org data to other apps: Policy managed apps.
Share web content with policy managed browser: Enable
These two settings help open URLs from Intune-managed apps with the Edge browser automatically, irrespective of whether the user's device has both Edge and Managed Browser.
End user experience:
When a user clicks on any URL from a managed app, it will automatically launch the URL in the Edge browser.
If users don't have Edge on their mobile device, then when they click on the URL they will see the following screen prompting them to get the Edge app, since the URL opens only with Edge as per our app configuration.
In one way, it is good to force users to install Edge on their devices.