SOLVED

How to Apply Microsoft Edge Configuration Profiles to BYOD Users Without Device Enrollment?

Copper Contributor

I'm looking for some advice on managing Microsoft Edge settings for our BYOD employees. Specifically, I want to push configuration profiles to Microsoft Edge for users who access our environment through their personal devices, without enrolling these devices into Intune or our corporate environment.

 

The issue I'm facing is that these settings don't seem to apply unless the devices are enrolled, which I'd like to avoid because the people will be hiring will not work with us long, at all.

 

These temp workers will be completely browser-based, nothing will be stored on the device and no programs will need to be installed. I've got my configuration profiles in place, as well as my conditional access. Conditional access and MCAS settings are applied, just not configuration profiles.

 

Sorry if this is a really dumb question, I'm really bad about missing the most obvious solutions. I really appreciate any advice and suggestions.

6 Replies
best response confirmed by EthanBriley (Copper Contributor)
Solution

@EthanBriley 

You can do this by creating a configuration profile in the M365 Admin center. See below for further description. Users do need to be logged in. So you could use Intune to configure automatic login for managed devices. When a user logs in on a BYOD device itself, it also gets the organization configuration through this policy

 

https://learn.microsoft.com/en-us/deployedge/microsoft-edge-management-service

 

Please click Mark as Best Response & Like if my post helped you to solve your issue.
This will help others to find the correct solution easily. It also closes the item.


If the post was useful in other ways, please consider giving it Like.


Kindest regards,

**Editing response, restarted Edge and it applied.

 

Thank you for your response.  Policy settings have applied, however, it's also applying to other profiles on the person's Edge. 

 

Is there a way to get it to ONLY apply to their work profile and not other profiles?

That's weird, I use this configuration more often and don't know this behavior. Could you share a screenshot of your configuration with me?

@JosvanderVaart 

 

Here's the initial page, the policies I have in place, and the group assignment.

 

The group consists of my one test account

Looking into it a little further, seems to be some of the policies are applying. Like blocking extensions, so I'd say we're all good, I'll just need to relax the policy a little more. Thank you for your assistance!
Hi,

If it's Windows devices, the users are working with, you can take a look at MAM for Windows. This will give you some great options in order to protect company data on BYOD devices.
1 best response

Accepted Solutions
best response confirmed by EthanBriley (Copper Contributor)
Solution

@EthanBriley 

You can do this by creating a configuration profile in the M365 Admin center. See below for further description. Users do need to be logged in. So you could use Intune to configure automatic login for managed devices. When a user logs in on a BYOD device itself, it also gets the organization configuration through this policy

 

https://learn.microsoft.com/en-us/deployedge/microsoft-edge-management-service

 

Please click Mark as Best Response & Like if my post helped you to solve your issue.
This will help others to find the correct solution easily. It also closes the item.


If the post was useful in other ways, please consider giving it Like.


Kindest regards,

View solution in original post