Microsoft is making it easier for users of its Edge browser for iOS and Android to access applications via single sign-on, while giving administrators tools to prevent these workers from using Safari or Chrome to access some enterprise apps.
The mobile version of Edge for iOS and Android now supports “conditional access” protection and single sign-on, making it more attractive for enterprises to deploy Microsoft’s mobile Edge as the go-to browser for accessing web apps, assuming they’re connected to Microsoft’s Azure Active Directory (Azure AD).
According to Microsoft, the browser now comes with the same application management and security capabilities that once required an Intune Managed Browser.
The single sign-on component means workers can more easily access apps such as Microsoft Outlook as well as web apps that are connected to Azure AD, be they software-as-a-service (SaaS) or delivered on-premises.
This means workers only need to sign in to an Azure AD-connected web app once and don’t need to enter their credentials again afterwards. Instead they would use the Microsoft Authenticator app on iOS or the Intune Company Portal app on Android.
On an iPhone, users will be able to sign in to multiple Azure AD-connected apps in one go, assuming they support single sign-on. Users are prompted to register their device in order to sign in to the accounts.
The conditional access component means that organizations can mandate that workers use a Microsoft Intune-protected browser such as Edge by using “application-based conditional access policies”.
In short, admins can prevent workers from using Chrome or Safari to access specified enterprise web apps in order to prevent what Microsoft says is the risk of data leakage from “unprotected browsers”.
“You can now enforce policy-managed Microsoft Edge as the approved mobile browser to access Azure AD-connected web apps, restricting the use of unprotected browsers like Safari or Chrome,” Microsoft explains.
“This allows you to secure access and prevent data leakage via unprotected browser applications. A similar protection can be applied to Office 365 services like Exchange Online and SharePoint Online, the Office portal, and access to on-premises (intranet) sites via the Azure AD Application Proxy.
“Users attempting to use unmanaged browsers such as Safari and Chrome will be prompted to open Microsoft Edge instead. On first attempt, users will be prompted to install the Microsoft Authenticator on iOS or the Intune Company Portal on Android.”