First published on TechNet on Jul 11, 2018
Updated 7/16/18 with a quick note on Chrome.
We’ve had a few questions on how to best to work with App Protection Policies (APP) and URLs on Android devices. Note that Android and iOS work differently due to general platform differences, so the behavior described below is specific to Android.
You control your APP policy for Android in the Intune console . You can set App Protection Policies so that managed apps behave in a particular manner, such as opening web content in the Managed Browser, or only allow data to be transferred to the managed app. URL’s – web data such as http/https – is controlled by both the “Allow app to transfer data to other apps” and the “Restrict web content to display in the Managed Browser” policy settings. We did recently make a change regarding the handling of web data to address customer feedback and communicated about this change in the Office 365 Message Center as post MC141982.
As part of this APP policy, if you create a data transfer exception for the native browser, URLs in managed apps (like Outlook) can be opened in the native browser. You can accomplish this by setting the “Restrict web content to display in the Managed Browser” to “no”, and by creating the data transfer exception to the browser of your choice.
Below is a screenshot of where you set the web data policy:
If you don’t want the native browser on the device used, you can deploy the managed browser or Edge. Here’s documentation on how to use this Conditional Access feature; just know you will need Azure Active Directory Premium licensing with Intune to use Conditional Access: https://docs.microsoft.com/intune/app-configuration-managed-browser#conditional-access-for-the-intune-managed-browser .
As an administrator, you can create exceptions to the APP data transfer policy. Please be sure to read the warnings and understand the impact on data security. To allow unprotected browsers, you can add data transfer exceptions for the specific browsers that should be allowed. See APP Exceptions for more information on how to configure and understand data transfer exceptions on Android.
NOTE - We're fixing a bug in the experience with Chrome. When a user has a data transfer policy to managed apps, and the user has set Chrome or another unmanaged app as the default app in device settings, the current behavior is when an end user clicks on a link in Outlook - even when Edge or the Managed Browser is installed and managed on the device, the "No available apps" dialog still shows. As we roll out this fix, if Edge or the managed browser is installed and managed on the device, the link will open in Edge or the Managed Browser. Now, you as an Admin can set require secure browser = false, and then if your end user has set Chrome as the default browser in settings, http URLs will open in Chrome directly.
We’re always working to take your feedback and improve the IT and end user experience. We’re working to make the Android experience as consistent with iOS as the platform allows, while also taking your recommendations. Please do let us know through UserVoice if you have any other suggestions.
Microsoft
