Forum Discussion
App Enforced Restrictions not working on Chrome
Hi All
I hope you are well.
Anyway, a strange one here.
We have implemented App Enforced Restrictions on unmanaged / BYOD macOS devices.
This seems to have taken effect on Edge and Safari browsers but not Chrome.
Is there anything we can do to resolve this or force BYOD macOS to use Edge?
Info appreciated.
SK
4 Replies
Hi Stuart,
I would first confirm whether Chrome is being treated as a supported browser for the control you are trying to enforce.
App Enforced Restrictions are limited and mainly apply to Exchange Online and SharePoint Online. In my experience, Edge usually gives the most predictable result because it integrates better with Microsoft Entra ID, Conditional Access, and Microsoft data protection controls.
On unmanaged / BYOD macOS devices, you usually cannot truly “force” the user to use Edge unless the device is managed. What you can do is control access:
- Allow limited access from supported browsers.
- Block access where the required controls cannot be enforced.
- Use Conditional Access App Control / Defender for Cloud Apps if you need stronger session control.
- Recommend or require Edge as the supported browser for corporate access.
So I would not treat this as an Intune issue only. It is more about which browser can enforce the session control correctly on an unmanaged device.
Microsoft documentation:
https://learn.microsoft.com/en-us/sharepoint/app-enforced-restrictions
https://learn.microsoft.com/en-us/defender-cloud-apps/proxy-intro-aad
Hi, on macos, only MS Edge and Safari (partially) support these controls natively. Google Chrome does not fully support App Enforce Restriction.
Options:
1. Force on EDGE.2. Defender for Cloud Apps (CASB)
Hi Buddy
I hope you are well and many thanks for your reply.
Anyway, can you elaborate on:
"1. Force on EDGE."
Would this be via "Require approved app"?
Info appreciated
SK
I believe require approved app is for mobile devices only. I think your only option is Defender for Cloud Apps (CASB).
