Use Microsoft Edge for your Protected Intune Browser Experience
Published Nov 12 2019 08:43 PM 27.6K Views

By Ileana Wu | Intune PM

 

Last fall and again mid-January, 2020, we posted the following message center post and we also talked about Microsoft Edge for your protected browser experience at Ignite. We're following up publishing the message center post here just to give you a chance (by commenting on this post) to ask any questions on moving to Microsoft Edge for your protected browsing experience. Here's the updated post. Note, we removed a reference to web clips; otherwise, the post below is nearly identical to the one posted in the fall. 

 

Take Action - Use Microsoft Edge for your Protected Intune Browser Experience

As we have been sharing over the past year, Microsoft Edge mobile supports the same set of management features as the Managed Browser, while providing a much-improved end user experience. We first announced this in MC194969 which we published last fall. This message is simply a reminder of that change. To make way for the robust experiences provided in Microsoft Edge, we will be retiring the Intune Managed Browser. Starting on January, 27, 2020, Intune will no longer support the Intune Managed Browser.

 

How does this affect me?

Starting on February 1, 2020, the Intune Managed Browser will no longer be available in the Google Play Store or the iOS App Store. At this point, you will still be able to target new app protection policies to the Intune Managed Browser, though new users will not be able to download the Intune Managed Browser app. 

 

On March, 31 2020, the Intune Managed Browser will be removed from the Azure console. This means you will no longer be able to create new policies for the Intune Managed Browser. If you have existing Intune Managed Browser policies in place, they will not be affected. The Intune Managed Browser will show up in the console as an LOB app with no icon, and existing policies will show as targeted to the app still. At this point, we will also remove the option to redirect web content to the Intune Managed Browser within the Data Protection section of App protection policies.

 

What do I need to do to prepare for this change?

To ensure a smooth transition from the Intune Managed Browser to Microsoft Edge, we recommend you take the following steps proactively:

  1. Target Microsoft Edge for iOS and Android with app protection policy (also referred to as MAM) and app config settings. You can reuse your Intune Managed Browser policies for Microsoft Edge by simply targeting those existing policies to Microsoft Edge as well.
  2. Ensure all MAM-protected apps in your environment have the app protection policy setting “Restrict web content transfer with other apps” set to “Policy managed browsers”.
  3. Target all the MAM-protected with the managed app configuration setting “com.microsoft.intune.useEdge” set to true. Starting next month with the release of 1911, you will be able to accomplish steps 2 and 3 simply by configuring the setting "Restrict web content transfer with other apps" to have “Microsoft Edge” selected in the Data Protection section of your app protection policies.

 

Let us know what questions you have on moving to Microsoft Edge for your Managed Browser experience by commenting back on this blog post. Also see our GA announcement for Microsoft Edge Conditional Access that we posted last week: https://techcommunity.microsoft.com/t5/Intune-Customer-Success/Microsoft-Edge-Mobile-Support-for-Con... 

 

5 Comments
Microsoft

Hi,
Are there any way to prevent from Managed Browser to access Office 365? I want to make users use only Edge for Office 365 access.

Hi @KentaShibatani, you may direct users to Microsoft Edge instead of the Intune Managed Browser via the key:

com.microsoft.intune.useEdge

More information about configuring this setting can be found in our doc here: Manage web access by using Microsoft Edge with Microsoft Intune.

 

For configuring access to O365 services, Conditional Access may be used, and more information can be found in our blog here: Microsoft Edge Mobile Support for Conditional Access and Single Sign-on Now Generally Available.

 

Hope this helps!

Copper Contributor

Hello,

 

If we remove the managed browser from all app protection polices, it will no longer be regarded as a policy-managed app, correct?

 

This, in combination with the app protection policy setting “Restrict web content transfer with other apps” set to “Policy managed browsers”, would force browser traffic to Edge.

 

Is this line of thinking correct? How can I validate?

 

Would the Conditional Access policy referenced in Scenario 2 here still be needed?

Hi @Samuel Aderemi, thanks for the question!

 

If you have any existing Intune Managed Browser policies in place, it can be modified to target the Microsoft Edge browser instead.

 

To validate your configuration, you may want to create a new policy with the desired settings targeting a test user group prior to deploying it towards all users. You can also ensure the conditions have applied via the steps as documented here.

 

Regarding Scenario 2 -

The scenario referenced refers to the following: "Contoso has decided that all mobile web browsing access to Microsoft 365 resources must use an approved client app, (like Edge for iOS and Android), protected by an app protection policy prior to receiving access.

If your organization would like to enforce the use of an approved app (like Edge for iOS and Android) prior to accessing company resources, then this may be something you may want to configure.

 

Hope this helps!

Copper Contributor

Thanks for your reply.

 

I interpret the "instead" in your response to mean, yes, we should remove the Intune Managed Browser from app protection policies.

 

This would achieve @KentaShibatani's ask of "prevent Managed Browser to access Office 365".

 

Unfortunately, as these nuances make worlds of difference, Can you please confirm @Intune_Support_Team?

Version history
Last update:
‎Nov 30 2023 03:59 PM
Updated by: