[New Blog Post] Microsoft Edge for iOS/Android Managed device (Intune-MAM)

The narrative of this blog is on how to require users to set Microsoft Edge as a standard Browser, which can be achieved by using the App configuration policy and App protection policy. These policies should be targeted to managed iOS/Android devices, in order to make sure that it’s applied to the correct scenario and as well as the correct behaviour is applied.

The following blog walks through an example of such policies for the Microsoft Edge App. 

1. App Protection policies

Protection policies need to be created as shown below. Thus, creating multiple App protection policies for iOS and Android for Managed devices.

1.1. Android Apps

When only working with Android devices, the below setup is good enough. Only need to make sure that users will have the Company Portal app installed. Only need to install it, there is no need for any configuration as it functions as the broker on Android devices.

The following shows the technical properties of the Android App Protection policy set-up, where Microsoft Edge is added to Public Apps.

1.2. iOS apps

Just like with an Android’s App protection, which will require a Broker app. For IOS devices, the MFA Authenticator app needs to be installed. After making sure all the iOS users have that app installed, then first need to make sure all the Applications which need the Managed App Protection policies are added to Intune. Moreover, it is important to define an App Configuration Policy for each app and that includes Microsoft Edge as shown below. 

The following shows the technical properties of the iOS-App Protection policy set-up, where Microsoft Edge is added to Public Apps.

1. App configuration policies

Now that the required Microsoft Edge App installed on the devices we still need to push an additional App Configuration, to make sure the IntuneMAMUPN is configured for Microsoft Edge App.

Note for General knowledge: Some apps do not support this config. For more info. visit https://docs.microsoft.com/en-us/mem/intune/apps/apps-supported-intune-apps

It will need to be configured the IntuneMAMUPN for the Microsoft Edge app because this value is required for devices that are managed by Intune to identify the enrolled user account. This is very important because you really want to make sure the protected app has the correct app protection policy applied!

Below we create a new Managed Device App Configuration Policy and select the Microsoft Edge app. To do so, will need to select “Managed Devices” when adding a new App Configuration Policy.

After selecting the proper App Configuration it’s time to select IOS/IPadOS and select the “Targeted App”. In this example, select Microsoft Edge.

The possibility to add the required “IntuneMAMUPN” key can be found under “Additional Configuration”. Please beware the App configuration keys are case sensitive. Use the proper casing to ensure the configuration takes effect.

Quick summary on how and where to configure the IntuneMAMUPN key

·    Configuration key: Specify IntuneMAMUPN as value for the configuration key

·    Value type: Specify String as value for the value type

·    Configuration value: Specify {{UserPrincipalName}} as value for the configuration value

1. User experience

The following test was conducted on an Android test device via a Microsoft Intune. The below screenshots show how the above configurations required the user to set Microsoft Edge as a Standard Browser. 

1. What have we learnt?

In consequence, the users will be forced to log in with their business account on the Microsoft Edge App, for example, if the user is not logged into the Edge App and the user receives a URL link via Outlook App's inbox, the user will be forwarded back to (Figure 1) to start the login process, which otherwise the URL link can’t be open without a sign-in.

Another example, if the user does not install Microsoft Edge App, no URL link will be opened in any other browser app.

#microsoft  #edge #intune #appprotectionpolicy #appleiphone #apple #iOS #Android

Author

https://www.linkedin.com/in/shady-khorshed-19277723/ is a Microsoft enthusiast. He loves writing on iOS/Android, Windows 11, Windows 365 and related Microsoft Intune. He is here to share quick tips and tricks for all young professionals.