Edge Mobile and MAM policies

Iron Contributor

Greetings.  We've been testing replacing the Managed Browser with Microsoft Edge and Edge is pretty sweet but we've run into one issue.

 

On the Managed Browser, if I click on a link on our Intranet that is a PDF or a Word Doc, etc, the Managed Browser would give me a popup asking if I wanted to open this in Word or whatever MAM managed app it needed.

 

On Edge, on iOS you click a link and it just does nothing.  On Android it gives you a popup that says 'This action is blocked by your organization.'

 

I know it's pretty early so I don't know if anybody has seen this or not.  There doesn't appear to be any settings in Intune to make this work.  I think I will have to open a ticket but at least wanted to throw this out there just in case.

13 Replies

Hi Christopher,

 

How did you try to allow access to your files? via Azure AD App Proxy?

At least for now and based on Microsoft Device restriction and Edge Browser, you cannot apply the required policies for Edge on Mobile.

For now, you cannot compare the options and features between the Managed Browser and Edge.

 

Eli.

Yes, all my files are on my corporate Intranet that we access via the app proxy.  The article you listed talks about Windows 10 Edge policies.  We are using the mobile Edge browser on iOS and Android.  

Hi Christopher,

 

in my test setup I have an app proxy and an iOS device and added a pdf and docx link to my internal website and opened it with Mobile Edge on an iPhone. As soon as I click on the links (both pdf and docx link) the Mobile Edge is opening it and renders it within the Mobile Edge itself. I got no popup that asks to switch to Word, but I'm able to view the documents within Mobile Edge.

 

best,
Oliver

Thanks for the response, Oliver.  That is interesting.  Our particular files are on SharePoint.  I'm using the same conditional access, the same MAM policies and tapping on a PDF in the Managed Browser appears to download the file in the browser and then gives me a few Intune managed apps to open it in.  A word file just opens it right in Word.

 

In Edge mobile, in Android, it acts like it's opening a new window and I get the blocked message, while in iOS it does nothing.

 

If I remove my MAM policies, a word document will download then ask if I want to open it in Word or the built in Samsung document reader.  At no point will any document render in Edge.  It will always want to download to the device.

 

UPDATE: iOS documents seem to render in Edge, on Android they always download and ask what viewer they want to open in.

Interesting my MAM enabled Mobile Edge just opens both files pdf and docx in the browser even when hosted on sharepoint online. But as soon as I try to click on "open with" for pdf it tries to download and fails. For the docx file I click in the online viewer on the upper right, on the pencil icon then I'm asked how to open, in form of a dialog, I choose open with word mobile -> click open -> hand over to word mobile and my docx opens...

Strange indeed.  iOS won't even render.  It just acts like the link isn't a link.  Are there any specific App configuration policies for Edge that maybe I'm missing?  I can certainly make it official and open a ticket too if you think that's wise.

I have nothing special configured for my apps in my test tenant. See here, just app proxy redirect and a start page and one url for block, all just for testing purpose:

SNAG-0019.png

The decision how browsers (in that case Mobile Edge) handles opening files is based based on mime types. On a web server you can specify mime type to control the behavior of the browser if they should open the of file or download and so on. Maybe your mime type are not correct so the content is not recognized as pdf or docx. Which SharePoint are you using I'm on Office 365 SharePoint with my tests.

 

IMG_4854_small.jpg

 

Here I get the pdf online view and for the docx the online viewer with the optional open in Word mobile when clicking on the upper right pencil icon. Then I see the following popup:

 

IMG_4853_small.jpg

 

 

best,
Oliver

 

Hello, i am experiencing this exact behavior as well with mobile Edge browser and Intune. iOS using Edge will download/ launch links ending in a file using .docx and .pdf extensions without issue, Android device attempts to launch in Edge and says "Action blocked by Organization" as if it cannot download. If I install Intune Managed Browser on the Android device, then Outlook uses that browser over Edge and correctly downloads/ renders the files. I will say that on the Android device, Outlook will use Edge browser without issue for other URLs and open them correctly. Only difference between our nearly identical scenario is that the URLs i'm opening are not Intranet/ internal based resources, they are links to external internet based domain



One thing that i did find when looking into this issue is that i was not targeting Edge app in the Android specific "managed Browser" app config policy I had created because I couldn't initially get it to work in late Sept. so i defaulted back to the Intune Managed Browser app. Today i was testing and mistakenly found that Android based Outlook now does use Edge...and then i ran into this issue. I also found a white paper that said this managed browser app config policy update could take 24hrs. to apply and start working so i'll have to see if things change at all tomorrow. i will update if I see different behavior

Yeah, still not working for us.  I think the issue is these on-prem sharepoints we have are set to download documents and not view them in the browser.  So the old Managed Browser would simply download them, then prompt me to open it in my MAM protected Word, or whatever type of document it was.

 

The Edge browser doesn't seem to be able to handle documents set to download if they have MAM policies maybe?  So instead of popping up a list of apps to open the document it, it just says I'm blocked by policy?

Thought I'd bump this one up as it's still an issue and stopping us from moving all our users to Edge Mobile (which is really a fantastic product.. )

 

The message that gets generated is a little different now.  If I click on a link to our Intranet to a document on a SharePoint, i get a popup that now says, "Download is disabled by your organization."

 

It's trying to download the document because the owners of that particular SharePoint have it set to download documents instead of render them in the online viewer. 

 

The issue is that with the old Managed Browser, it would actually go ahead and download them and then ask me to open them in an app (which only Word, if it was a docx file, would work as it's MAM activated)

 

Edge will not do this.  Is there a way to just allow the corporate instance of Edge to download these inside it's bubble like the Managed Browser does? That would take care of the problem.

@Christopher Neuendorf 

Hi
did you find any solution for this issue?
the problem that i see is that the application (Edge) does not have access to the internal storage.
when you go into the app settings on the device, and to the permissions, it's all greyed out.
we currently have Samsung s10 with android 9.
when i tested the same thing on samsung s7 with android 8 those settings was enabled and not greyed out and its working.

what to do?!

@Christopher Neuendorf Did you find a solution to this issue? Thanks!

@Christopher Neuendorf were you able to find a solution to this problem? Our organization is beginning to experience this, as well! :(