Microsoft Intune Introduces MAM for Edge on Windows

While Mobile Application Management (MAM), also known as App Protection Policies in Intune, has long been available for Android and iOS, it has now become available for Edge on Windows. UEM Consultant, Tim Struik, uncovers this new feature and highlights what it has to offer for your organisation.

A somewhat comparable App Protection Policy, called Windows Information Protection (WIP), has been available within Intune for some time. However, Microsoft already indicated last year that it was planning to downgrade Windows Information Protection. Simultaneously, support for Windows Information Protection ‘without enrolment’ has now been discontinued as of December 2022.

While not yet fully-fledged, an alternative has become available in the form of MAM for Edge on Windows. Where the App Protection Policy application scope for Android and iOS is fairly extensive, the App Protection Policy for Windows is restricted to the Edge browser application only. It remains unclear whether the application scope for Windows App Protection Policies will be expanded beyond Edge (Outlook, Teams, OneDrive, etc.). However, the availability for Edge is a desirable feature. Especially for users who do not (or cannot) work on a company-managed device, the Edge App Protection Policy for Windows allows some level of data security to be enforced when using web-based services such as Exchange Online, Teams and OneDrive for Business.

Conditional access can also be used to make this App Protection Policy compulsory when accessing resources. This ensures that the App Protection Policy is applied to end users’ Edge clients before they can access these web-based resources. The following licences are required to deploy this new App Protection Policy appropriately:

The Windows App Protection Policy works similarly to those for Android and iOS, as it is user-driven. This means that the user must log in with their business account in the application to apply the App Protection Policy to Edge:

There are currently fewer Data Protection configuration options available within the Windows App Protection Policy compared to, for example, Android or iOS:

In addition to the Data Protection Settings, Health Checks and Conditional Launch Settings can also be defined, which are similar to those for Android and iOS:

It is also possible to apply managed Edge application settings from the Settings Catalogue:

This allows for other configurations besides Data Protection Settings, such as those aimed at improving the end-user experience, to be pushed within the Edge application.

Once the Windows App Protection Policy for Edge is in place and enforced, an end user who logs on to a service that requires an App Protection Policy, without one being applied, will see the following:

To summarise, the end user is requested to log into the Edge browser application. Then, when logged into the Edge browser, it can be seen in the address bar that the App Protection Policies are being loaded:

When the device on which Edge is installed, or the Edge browser itself, is not (or no longer) compliant with the requirements of the App Protection Policy, a similar message appears in the Edge application:

Immediately after applying the App Protection Policy, restrictions are imposed within Edge, for example in the case of copying data from an email:

Besides restricting the copying of data from the Edge browser, the policy also makes it impossible to move data out of the Edge browser, for instance by downloading a file.

Additionally, the App Configuration Policies have also been implemented immediately:

While this new Edge App Protection Policy for Windows is a great start, expanding the application scope of the Windows App Protection Policies would be a useful addition. 
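The Conditional Access requirement described earlier can be verified from a tenant's own policy export. The following is an added example, not part of the original article: it assumes policies exported in Microsoft Graph conditionalAccessPolicy JSON shape, and the sample policies, display names and function names are constructed for illustration.

```python
# Added example, not from the original article. Policies are constructed
# samples in Microsoft Graph conditionalAccessPolicy shape; names invented.
SAMPLE_POLICIES = [
    {"displayName": "Win-Edge-MAM", "state": "enabled",
     "conditions": {"clientAppTypes": ["browser"],
                    "platforms": {"includePlatforms": ["windows"]}},
     "grantControls": {"operator": "OR",
                       "builtInControls": ["compliantApplication"]}},
    {"displayName": "Win-Edge-MAM-pilot",
     "state": "enabledForReportingButNotEnforced",
     "conditions": {"clientAppTypes": ["browser"],
                    "platforms": {"includePlatforms": ["windows"]}},
     "grantControls": {"operator": "OR",
                       "builtInControls": ["compliantApplication"]}},
    {"displayName": "Mobile-MAM", "state": "enabled",
     "conditions": {"clientAppTypes": ["mobileAppsAndDesktopClients"],
                    "platforms": {"includePlatforms": ["android", "iOS"]}},
     "grantControls": {"operator": "OR",
                       "builtInControls": ["approvedApplication"]}},
]

def mam_gaps(policy):
    """Reasons a policy does not force the Edge policy on Windows browsers."""
    cond = policy.get("conditions") or {}
    plat = cond.get("platforms") or {}  # no platform condition = all platforms
    include = set(plat.get("includePlatforms") or ["all"])
    exclude = set(plat.get("excludePlatforms") or [])
    apps = set(cond.get("clientAppTypes") or ["all"])
    controls = (policy.get("grantControls") or {}).get("builtInControls") or []
    gaps = []
    if policy.get("state") != "enabled":  # report-only or disabled
        gaps.append("not enforced (state=%s)" % policy.get("state"))
    if "compliantApplication" not in controls:  # "Require app protection policy"
        gaps.append("grant lacks 'Require app protection policy'")
    if not include & {"windows", "all"} or "windows" in exclude:
        gaps.append("Windows not in platform scope")
    if not apps & {"browser", "all"}:
        gaps.append("browser sessions not in scope")
    return gaps

def audit(policies):
    """Map each policy name to its gaps; an empty list means it enforces."""
    return {p["displayName"]: mam_gaps(p) for p in policies}

def windows_edge_covered(policies):
    """True when at least one policy enforces the requirement with no gaps."""
    return any(not g for g in audit(policies).values())
```

The check covers policy state, grant control, platform and client app conditions only; which users and cloud apps a policy targets still needs to be reviewed separately.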

Author: Tim Struik
