Intune app protection policy: How to allow non-corporate links to be opened from any browser, while corporate links must be opened from Managed Edge?

Konstantinos Koutroumpouchos 0 Reputation points
2023-03-09T10:35:05.88+00:00

Hello,

I am configuring an app protection policy for personal Android/iOS devices. What I want to do is the following:

When a link that does not include corporate information (e.g. LinkedIn link, blog links, youtube, etc.), the link will be opened with the mobile device's default browser or app.

When a link that contains corporate information (e.g., SharePoint, Excel, etc.), the link must be opened from a managed app. If the corresponding managed app does not exist, then the link must be opened from managed Edge by default.

However, in app protection policies, I can either allow all links to be opened from Any App, or all links to be opened from managed Microsoft Edge.

I have configured a conditional access policy to require app protection policy when accessing the apps of interest.

When I set links to be opened from Any App, what happens is the following:

  1. Tap the link.
  2. Link opens in default browser
  3. Sign in on the browser with my company microsoft account
  4. conditional access policy requires app protection policy and prompts me to "Launch in Edge"
  5. Edge opens but the link is stuck and does not open.

On the other side, when I set links to be opened from Managed Edge, I am able to open corporate links no problem and the open in Edge without any issues. However, when I try to open, for example, a LinkedIn link, it opens again in Edge, instead of opening with the LinkedIn Mobile app or any other browser, which is inconvenient.

How can I set an app protection policy to allow non-corporate links to be opened from any browser, but corporate links to be opened from Managed Edge? Keep in mind I am talking about personal iOS/Android devices.

Microsoft Edge
Microsoft Edge
A Microsoft cross-platform web browser that provides privacy, learning, and accessibility tools.
2,223 questions
Microsoft Intune iOS
Microsoft Intune iOS
Microsoft Intune: A Microsoft cloud-based management solution that offers mobile device management, mobile application management, and PC management capabilities.iOS: An Apple mobile operating system.
202 questions
Microsoft Intune Android
Microsoft Intune Android
Microsoft Intune: A Microsoft cloud-based management solution that offers mobile device management, mobile application management, and PC management capabilities.Android: An open-source mobile platform based on the Linux kernel, developed by Google, and maintained by the Open Handset Alliance.
260 questions
Microsoft Intune
Microsoft Intune
A Microsoft cloud-based management solution that offers mobile device management, mobile application management, and PC management capabilities.
4,666 questions
0 comments

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Lu Dai-MSFT 28,366 Reputation points
    2023-03-10T01:40:42.9833333+00:00

    @Konstantinos Koutroumpouchos Thanks for posting in our Q&A.

    If you want corporate links must be opened from Managed Edge, an app protection policy is enough, and we don't need to create a conditional access policy. It is suggested to add Edge, SharePoint and Excel as managed apps in this app protection policy and set "Restrict web content transfer with other apps" to "Microsoft Edge".

    However, based on my understanding, for non-corporate links, they will be opened from the default browser in the device. This action is not controlled by intune.

    Thanks for your understanding.

    If the answer is the right solution, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".

    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.