Intune Managed Browser is a web browsing app by Microsoft which lets you safely view and navigate web pages that contain Company information or internal organization web pages. With a managed browser, you can enable following Enterprise Mobility security features:
- Single sign-on
- Conditional Access
- Application configuration settings
- Azure application proxy integration
- Application protection policies
Managed browser is available in Android and Apple stores and it supports Android 4+ and iOS 8 and above. When it comes to Windows 10, Microsoft Edge acts as the Managed browser, also Edge can be used in supported mobile Operating systems. My purpose of this article is to explain how effectively we can use the managed browser with EMS components.
In part 01 of this post, let's discuss deploying Managed browser and implementing app protection policies. From Part 02 I’m hoping to explain how to push configurations such as bookmarks, the home page, whitelisting and blacklisting web pages. Also, part two will cover configuring conditional access where corporate apps can access only from Managed browser and use the Azure app proxy.
Deploying a Managed Browser with Intune
Managed browser is a part of Intune, as the first step, you need to deploy it to the endpoints. You can ask users to install it by themselves from app stores or centrally deploy it through Intune. Let’s see how it can be deployed from Intune.
- Log in to the Azure Portal - Intune - Client Apps – Apps, click ADD and select the relevant Operating system from the store section.
- For iOS, you need to type the app name as “Managed Browser” and select
- If you are using Android, you need to get the Play Store link and paste it in App store URL.
Managed browser - https://play.google.com/store/apps/details?id=com.microsoft.intune.mam.managedbrowser&hl=en
Assign the app to the relevant user group
Download and install the Managed Browser from Intune Company portal.
Intune App Protection Policies with Manage Browser
In my previous posts, I have talked about App Protection policies. Intune App protection policy enables you to protect data on-device applications. You can define the apps and set of policies to control the actions. These protected apps are called managed apps. You can define policies such as prevent cut, copy, save as, screen capture, also you can allow data transfer only within the managed apps.
Not all store app support Intune, it should be written according to Intune understandable format, In Microsoft world, this is called Intune Enlighten app. Managed Browser is a enlighten app, it supports all the app protection policies. When you publish a Company Internal website through Managed Browser you can enable App protection policies such as prevent cut, copy, save as, etc.
- Login to Azure portal – Client apps – App protection policies - Create a new App Protection policy
- Name the policy, select the relevant OS, and select the relevant apps. In this case Managed Browser
- Fill your relevant configurations from data protection
- Additionally, you can define the Access protection where policy managed apps (Managed browser) are required a PIN to open.
- Target the policy to the relevant user group
- After policies sync to the targeted user, user can experience the Managed Browser becoming a corporate managed app, and web pages accessed through the Managed browser is protected with app protection policies where user cannot cut, copy, save as, etc.