Microsoft Enterprise Mobility + Security (EMS) is excited to deliver conditional access protection for Microsoft Edge on iOS and Android. This integration expands your management capabilities as you deploy Microsoft Edge for the best browsing experience across all endpoints in the enterprise. Microsoft Edge on iOS and Android with conditional access gives users easy, secure access to Office 365 and all your web apps that use Azure Active Directory, with the same application management and security capabilities that previously required Intune Managed Browser.
We are excited to share that the following capabilities are now in public preview for Microsoft Edge on iOS and Android:
Let's dive a little deeper to explore these new features.
Microsoft Edge on iOS and Android can now take advantage of single sign-on (SSO) to all web apps (SaaS and on-premises) that are Azure AD-connected. This means users of Microsoft Edge will be able to access Azure AD-connected web apps without having to re-enter their credentials. They simply need to have the Microsoft Authenticator app on iOS or the Intune Company Portal app on Android.
Let’s see how users can get this better sign-in experience on iOS devices:
If you previously used Intune Managed Browser with Azure AD Conditional Access, this new Microsoft Edge functionality will be familiar to you. Now, users protected with device-based conditional access can navigate to all links using Microsoft Edge from Outlook mobile, and access web resources without having to reauthenticate. To enable this, users only need to set Microsoft Edge as their default browser in their Outlook app settings.
You can now enforce policy-managed Microsoft Edge as the approved mobile browser to access Azure AD-connected web apps, restricting the use of unprotected browsers like Safari or Chrome. This allows you to secure access and prevent data leakage via unprotected browser applications. A similar protection can be applied to Office 365 services like Exchange Online and SharePoint Online, the Office portal, and access to on-premises (intranet) sites via the Azure AD Application Proxy.
Users attempting to use unmanaged browsers such as Safari and Chrome will be prompted to open Microsoft Edge instead. On first attempt, users will be prompted to install the Microsoft Authenticator on iOS or the Intune Company Portal on Android. Here is a screenshot of a blocked access when using Safari on iOS.
To configure this in Microsoft Intune, you need to apply an app-based conditional access policy and an App Protection policy for Microsoft Edge on iOS and Android. Here’s how you do that:
Create a conditional access policy to lock down browser access to a policy-protected browser such as Microsoft Edge using app-based conditional access. Here’s a screenshot of a policy targeting browser access.
You may then select the control to grant access to cloud resources only from approved client apps that can protect your corporate data.
Create an Intune application protection policy and target all users for the Microsoft Edge application. This screenshot shows how to target Microsoft Edge.
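To confirm that a policy created with the steps above actually restricts mobile browser access, the following added example (not from the original post or from Microsoft) audits an exported policy. It assumes the policy is in the Microsoft Graph conditionalAccessPolicy JSON shape; the function name and the two sample policies are constructed for illustration.

```python
# Added example, not from the original post. Field names follow the Microsoft
# Graph conditionalAccessPolicy JSON shape (an assumption: the post uses the portal).
MOBILE = {"ios", "android"}

def browser_lockdown_gaps(policy):
    """Return reasons why `policy` does not restrict mobile browser access
    to approved client apps; an empty list means no gap was found."""
    gaps = []
    cond = policy.get("conditions") or {}
    grant = policy.get("grantControls") or {}

    # Report-only and disabled policies block nothing.
    if policy.get("state") != "enabled":
        gaps.append("policy is not enforced (state=%s)" % policy.get("state"))

    # Assumption: a missing clientAppTypes list is treated as "all".
    client_apps = {c.lower() for c in cond.get("clientAppTypes") or ["all"]}
    if not client_apps & {"browser", "all"}:
        gaps.append("browser client apps are not targeted")

    # No platform condition means every platform is in scope.
    plat = cond.get("platforms") or {}
    included = {p.lower() for p in plat.get("includePlatforms") or ["all"]}
    excluded = {p.lower() for p in plat.get("excludePlatforms") or []}
    covered = (MOBILE if "all" in included else MOBILE & included) - excluded
    for missing in sorted(MOBILE - covered):
        gaps.append("platform not covered: " + missing)

    controls = {c.lower() for c in grant.get("builtInControls") or []}
    if "approvedapplication" not in controls:
        gaps.append("grant does not require an approved client app")
    elif (grant.get("operator") or "").upper() == "OR" and len(controls) > 1:
        gaps.append("operator OR lets another control substitute for the approved app")
    return gaps

# Constructed sample policies (not real tenant data).
GOOD = {"state": "enabled",
        "conditions": {"clientAppTypes": ["browser"],
                       "platforms": {"includePlatforms": ["iOS", "android"]}},
        "grantControls": {"operator": "OR", "builtInControls": ["approvedApplication"]}}
WEAK = {"state": "enabledForReportingButNotEnforced",
        "conditions": {"clientAppTypes": ["browser"],
                       "platforms": {"includePlatforms": ["iOS"]}},
        "grantControls": {"operator": "OR",
                          "builtInControls": ["mfa", "approvedApplication"]}}

if __name__ == "__main__":
    for name, p in (("GOOD", GOOD), ("WEAK", WEAK)):
        print(name, browser_lockdown_gaps(p) or "no gaps found")
```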
In addition to conditional access and single sign-on, here are other features and benefits enjoyed by users of Microsoft Edge managed and protected by Microsoft EMS:
Go ahead and download Microsoft Edge to experience these benefits today. Here’s a set of quick links to get you started:
As always, we’d love to hear any feedback or suggestions you have. Just email us here and let us know what you think!
(This post is authored in collaboration with Microsoft Intune, Azure Active Directory and Microsoft Edge product experts)