If you are using Microsoft intune as MDM solution to manage mobile devices ,you will certainly hit the requirement of managing Internet access using Managed Browser policies with Microsoft Intune to allow or block,bookmark and set home page with certain URL’s.
Intune Managed Browser is a web browsing application that you can download from public app stores (apple store or Google play store) for use in your organization. Since this app has integration with the Intune SDK, you can also apply app protection policies like controlling cut ,copy,paste that comes with intune app protection policies.
If you are allowing end users to use managed browser for corporate use ,you must apply app protection policies and restrict managed apps to open the URL’s in intune browser .
In this blog post ,we will see how to bookmark ,set homepage ,allow and block certain URLs for the Managed Browser .
1. Login to www.portal.azure.com
2.Click on Intune node ,browse through Mobile apps ,App Configuration Policies (https://portal.azure.com/#blade/Microsoft_Intune_Apps/MainMenu/14/selectedMenuItem/Overview)
Or you can also click on Intune app Protection node (soon this node will be removed and you are required to use above option) ,under App management ,click on App Configuration (https://portal.azure.com/#blade/Microsoft_Intune/SummaryBlade/2)
3. Click on Add Config ,supply name and description
4. Under select required app ,choose Managed Browser (ManBro) for both iOS and Andriod,click Ok
5.Under Configuration ,first identify the URL’s that you want to allow .If you have requirement to block certain URL’s ,follow the steps above ,change the name to block.
You need to supply 2 values in the configuration 1.Name and 2.Value
Key Name to Allow URL’s:
Key Name to block URL’s:
I want to allow couple of URL’s that intune users access via browser are separated by (|)
http://eskonr.com/*|https://*.microsoft.com/*|https://expenses.contoso.com|http://www.eskonr.com:8080
http://eskonr.com/* –>Match all URL’s that begin with eskonr.com
https://*.microsoft.com/* –>Match all subdomains under
http://www.eskonr.com:8080 –>match single webpage that contains port number
To allow authentication, and access to Intune documentation, *.microsoft.com is exempt from the allow or block list settings. It is always allowed.
If you want to block any specific URL’s,add the above values in block list key value.
How to bookmarks specific URL’s ?
Key Name to bookmark:
microsoft.intune.mam.managedbrowser.homepage
Values:
Cyberark|https://cybr.intranet.asia/PasswordVault/default.aspx||Eswar Koneti Blog|http://www.eskonr.com
Each bookmark consists of the bookmark title, and the bookmark URL. Separate the title, and URL with the | character.
To configure multiple bookmarks, separate each pair with the double character, ||
6.Click Save,go to assignments and add group who should receive these settings.
References:
https://docs.microsoft.com/en-us/intune/app-configuration-managed-browser