Forum Discussion

bcaulder8's avatar
bcaulder8
Copper Contributor
Oct 15, 2025

Edge Mobile prompting users to Allow opening app using Custom URI Scheme

Somewhat recently, perhaps with release of IOS 26, Microsoft Edge began prompting users to "Allow" or "Don't allow" a site to open another application when using a Custom URI Scheme. This causes an u...
Conditional Access
Edge Mobile
Intune
Mobile Application Management (MAM)
AladinH's avatar
AladinH
Brass Contributor
Oct 15, 2025

Hi bcaulder8​,

This is expected on iOS 16+ for security reasons. To bypass the Edge prompt when opening a custom URI scheme, you can configure Intune as follows:

- App Protection Policy - Add the target apps as exceptions under Data Transfer Settings.

- Edge App Configuration - Use the key com.microsoft.intune.mam.managedbrowser.URLAllowlistand whitelist your URI scheme.

- Conditional Access - Ensure Edge is included as a compliant app so CA policies don’t block the flow.

Once configured, users should be able to open the app without seeing the prompt.

bcaulder8's avatar
bcaulder8
Copper Contributor
Oct 16, 2025

Hi AladinH​ ,

Our application is enrolled in Intune and included (not excluded) in the App Protection Policy.  Our application also supports Conditional Access and it is applied on both Edge and our application (we support the App Protection Required grant).

The site uses our "custom://" Custom URI to pass the information back and we don't add that Custom URL as an exception because we want Edge to add the "-intunemam" and pass the information back in the Intune "container". This is now causing a prompt though where it didn't prior.

 

Question about the Edge App Configuration setting: Are their other implications of using the URLAllowList? Wouldn't clients be required to add all possible URLs or does a Wildcard work.

 

This started happening recently and I am wondering if it was an update of Edge Mobile that caused the prompt now vs. iOS (if this started happening in iOS 16+).

 

Thanks

  • AladinH's avatar
    AladinH
    Brass Contributor
    Oct 17, 2025

    Thanks for the details - here’s how it works:

    - The Edge URLAllowList only controls which URLs Edge allows when filtering is applied. It does not suppress the iOS “Allow / Don’t Allow” prompt when opening other apps via custom URI schemes.

    - Wildcards only work for standard web URLs (e.g., https://*.contoso.com). For custom schemes like custom-intunemam://, wildcards don’t apply, and in your case, manually listing URIs won’t help because Edge dynamically appends -intunemam to stay within the Intune container.

    - The prompt started appearing recently likely due to Edge Mobile updates enforcing iOS 16+ security rules, not a change in Intune.

    Unfortunately, there isn’t a current configuration in Edge or Intune that can fully bypass this prompt when using Intune-managed custom URI schemes. Keep an eye on Edge and Intune updates - Microsoft may provide a smoother option in the future.

Resources