How to Handle And Configure Intune Managed Browser For DLP (An Alternate Resolution to App Configuration with Permit Block URL)

By | March 9, 2018

Introduction:

Intune Managed Browser app helps you to safely view and navigate net pages that may comprise firm data and supplies a safe web-browsing expertise for Microsoft workplace and different apps managed by Microsoft Intune. This browser assist your IT administrator shield firm data with out proscribing your common net looking or app experience.

Intune Managed Browser is simply not like different browsers (Chrome ,Firefox and different third social gathering browsers ) .That is distinctive browser that doesn’t allow you to add any recordsdata ,which implies you may open gmail,onedrive or any cloud internet hosting supplier in intune browser however can not allow you to add any recordsdata .How does it matter to me with this .? Properly ,In case you are utilizing Microsoft Intune as cell gadget administration answer ,you want to plan and configure the MAM insurance policies (Data control) for Intune browser.

Below is the situation that may assist you to grasp about data leakage from intune browser and the manner it helps to keep away from configuring permit /block URLs for finish customers from my experience.

If you configure MAM Coverage (data control) together with your required software settings for all intune supported functions together with Intune Managed browser ,you’ll expertise data leakage points with managed browser until you configure allow/block URLs utilizing App Configuration .Why do i hit DLP Points with managed browser ? Okay, In the occasion you configure MAM coverage with following setting (Policy managed apps or with previous in),you are permitting data to repeat from onedrive, teams,outlook and so on to Intune managed browser .I can open intune managed browser ,open gmail/onedrive ,copy the information from intune apps to any of those un managed websites to leak the data.

OR you may configure permit or Block record of URLs however what quantity of URLs do you configure ? There might be tons of URLs which person would possibly need to entry which is not possible to configure with permit or block action.

So what’s the answer then ? In the occasion you actually care about DLP ,then i see only one doable answer that may minimize/no DLP points .

image

The answer which am going to speak about will remove the necessity of configuring allow/block record of URL and permit customers to open all of the hyperlinks from the managed functions utilizing browser routinely and decline copy/paste choice from these managed apps to intune managed browser. I do not see a cause for person to repeat the information from managed apps to intune managed browser besides open the hyperlinks. feedback through feedback section.

Solution:

When you configure MAM coverage for iOS ,Android, don’t select intune managed browser .We’ll create separate MAM coverage for iOS and Android OS.

Create MAM coverage for iOS/Andriod with following settings (MAM_iOS_IntuneBrowser) for Managed Browser application.

Targeted Apps ,select Managed Browser

Policy Settings: Look out for the first settings which can be arrowed.

image

With this configuration ,we permit customers to open any hyperlinks from the managed functions to intune managed browser however prohibit reduce copy paste .

If you need to permit block record of URLs ,i blogged about it beforehand right here http://eskonr.com/2017/12/configure-bookmarks-allow-and-block-urls-for-the-managed-browser-using-intune/

Until Next!


Please check this great service at: http://www.test-net.org/services/network-mask-calculator/ or visit FREE SERVICES menu

[Total: 0    Average: 0/5]

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.