Hello, Everyone. I hope you are doing great. We are back with a new article on how to Manage the Microsoft Edge Browser on Android devices using Intune. This article will discuss creating an app configuration to manage the Microsoft Edge browser on Android devices.
Microsoft had an Intune Managed Browser for accessing corporate websites with safeguards in place. Intune Managed Browser will use application protection policies, conditional access, and single sign-on. Microsoft decommissioned Intune Managed Browser in 2020 and extended the Microsoft Edge browser to all platforms, including iOS and Android.
Microsoft Edge is a free browser from Microsoft and can be installed on all Platforms. It provides privacy and protection from malware attacks. Edge browsers are also powered by AI features like Copilot, which summarize hard questions and provide solutions.
Microsoft Edge browser supports Dual-identity and App Protection policies, and we can manage the Bookmarks or Home Page URLs using Application configuration policies. We can also restrict or block websites from accessing using configuration policies.
- Best Way to Automatically Configure Outlook Profile for Windows with Intune
- Onboard iOS/iPadOS Devices to Microsoft Defender for Endpoint
Create Application Configuration Policy for Microsoft Edge Browser
Microsoft Endpoint Manager allows admins to create an Application Configuration profile in order to design a Microsoft Edge browser for organizational requirements. We can allow URLs or block URLs accessed by end users through these configuration profiles. Let’s see how we can create and manage Microsoft Edge browsers for Android devices.
- Log In to the Microsoft Intune Admin Center
- Click on Apps > App configuration policies
- Click on Add > Managed apps
Now, on the Basics page, provide the Name and Description of the Configuration policy. Under Target Policy, we have a few options: All Apps, All Microsoft Applications, or All Core Apps. We can also select the app we need to target.
As we need to deploy only for the Edge browser, I have clicked on Select Apps under Public Apps, Click on Add Apps and search for Microsoft Edge browser for Android. Select the Edge browser for Android and click on Select. Now click on Next to proceed with Settings Catalog.
As this is a mobile application, it does not have Settings Catalogs, so click Next to Settings page. Here, we can configure the required settings for the Edge browser as per our requirements. The settings are categorized into three sections.
- General configuration settings
- Microsoft Tunnel for Mobile Application Management settings
- Edge configuration settings
General configuration settings: These settings are used to configure general settings like the New Tab, App Behavior, and Kiosk Mode experience. We must define a Key-Value pair to enable, disable, or define the behaviour.
For example, to show the top site or news feed on a new tab, the below value has to be defined as com.microsoft.intune.mam.managedbrowser.NewTabPageLayout.Custom: topsites or wallpaper or newsfeed. We can define two or more values at the same time. I have shown it in the screenshot below. We can also set the organizational brand logos or brand colours. For our discussion, I have added the brand logo.
Microsoft Tunnel for Mobile Application Management Settings: These settings are used to configure Microsoft Tunnel if you have enabled it for your applications. As I do not have Microsoft Tunnel enabled, we are skipping this, and we will discuss this in detail in another article.
Edge configuration settings: Here comes the most exciting part of Edge configurations; in this section, we will define bookmarks, Allowed Websites, Blocked Websites, home page URLs, etc., and proxy configuration. Let’s discuss one by one in detail below.
Settings | Value |
---|---|
Application proxy redirection | When Enabled, users get access to corporate links and on-premise web apps. |
Homepage shortcut URL | When we set it, this will appear as the first icon beneath the search bar when users open a new tab in Microsoft Edge. |
Managed bookmark | In this configuration settings, we can define critical corporate URLs as bookmarks, which help users access directly on Edge browser |
Allowed URLs | When we configure Allowed URLs, users can access only these URLs using the Edge browser on their work profile. |
Blocked URLs | When we configure Blocked URLs, user cannot access these URLs while using the Edge browser on their work profile. |
Redirect restricted sites to personal context | Users will be redirected to their Personal profile when enabled while accessing restricted or blocked sites. |
Note! While configuring allowed or blocked websites, make sure you define either of the settings. We cannot configure both Allowed and blocked websites.
For our discussion, I’m adding the below configurations for the Edge browser. As shown in the screenshot, I’m blocking Gmail and configuring the Home page URL. I have enabled redirecting users to their profiles if they try to access a blocked website.
Users cannot copy and paste data from their Work Profile to Websites that are opened in their personal profile. Application Protection Policies manage these settings. Based on the MAM policy created, data is transferred from the Personal profile to the Work profile.
Once all the configurations are configured, click on Next to move to the Assignments screen, look for the group to which the configurations are to be deployed, select the group and if you want to exclude these configurations to any specific group, add exclusions, click on Next.
Now, view all the configurations on the Review+ Create page and click Create. If you want to make any changes, you click on Previous and make changes. Now, the policy will be created and assigned to the users. Let’s see the user behaviour in the next section.
User Experience
Now, enroll an Android device in Intune. Make sure you deploy the Edge browser as a required application for the end user so that the user does not need to install it manually. Depending on the Data Transfer settings App Protection policies, the URLs in managed apps will be opened in the Microsoft Edge browser.
As soon as I enrolled the device, the Edge browser was installed. After going through the initial setup, I was presented with a new Tab. In screenshot 1, the Home Page Shortcut URL is shown as an icon under the search bar. You can also view those suggestions as News and more, as we enabled them in General settings.
When we go to Favourites, you can see the bookmarks we configured, as shown in the screenshot. When we try to access the blocked URLs, the user will be prompted to sign in to a personal account(if a user is not signed in with a personal account) to access the blocked website. As the Edge browser supports multi-identity, we can sign in to personal and Work accounts at the same time.
If the user is already signed in, the user is prompted to switch between work and personal accounts. Users always have the option to cancel. While defining the blocked website, specify the URL, including Https or Http. We can also use wildcards to block entire websites, such as https://microsoft.om/*.
We are on WhatsApp. To get the latest step-by-step guides and news updates, Join our Channel. Click here – HTMD WhatsApp.
Conclusion
So, in addition to the configurations provided in GUI, we can define more settings for the Edge browser, but these settings should be defined in General settings as Key-Value pairs. Microsoft has provided many restrictions, such as restricting only organizational accounts. We will discuss a few more restrictions in another article. Till then, have a great day.
Author
About Author – Narendra Kumar Malepati (Naren) has 11+ years of experience in IT, working on different MDM tools. Over the last seven years, Naren has been working on various features of Intune, including migration from different MDMs to Intune. Naren mainly focuses on Android, iOS, and MacOS.