defender-for-cloud-apps/in-browser-protection.md
Lines changed: 7 additions & 4 deletions
Original file line number
Diff line number
Diff line change
@@ -1,7 +1,7 @@
1
1
---
2
2
title: In-browser protection with Microsoft Edge for Business | Microsoft Defender for Cloud Apps
3
3
description: Learn about using in-browser protection with Microsoft Defender for Cloud Apps session policies and Microsoft Edge for Business.
4
-
ms.date: 01/26/2025
4
+
ms.date: 10/20/2025
5
5
ms.topic: how-to
6
6
#customerIntent: As a Defender for Cloud Apps admin, I want to learn about the user experience with in-browser protection.
7
7
---
@@ -12,6 +12,9 @@ Defender for Cloud Apps users who use Microsoft Edge for Business or Purview Dat
12
12
13
13
Protected users experience a smooth experience with their cloud apps, without latency or app compatibility issues, and with a higher level of security protection.
14
14
15
+
> [!NOTE]
16
+
> In-browser protection with Microsoft Edge is only available to Microsoft Defender for Cloud Apps commercial tenants.
17
+
15
18
## In-browser protection requirements
16
19
17
20
To use in-browser protection, users must be in their browser's work profile.
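Review bot: The added note says "In-browser protection with Microsoft Edge", while the title and the requirements table use "Microsoft Edge for Business", and it doesn't say what a tenant that isn't commercial gets instead. Suggest using the product name consistently and stating whether those tenants' sessions are served by the reverse proxy, as the page says for other unsupported scenarios. The restriction would also fit as a row in the requirements table under this heading, where admins look for prerequisites. Separately, the context line above the note, "Protected users experience a smooth experience", repeats "experience" and could be tightened in the same change.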
@@ -27,8 +30,8 @@ To use in-browser protection, users must also have the following environmental r
27
30
|**Operating systems**|Windows 10 or 11, macOS|
28
31
|**Identity platform**|Microsoft Entra ID|
29
32
|**Microsoft Edge for Business versions**|The last two stable versions. For example, if the newest Microsoft Edge is 126, in-browser protection works for v126 and v125. <br> For more information, see [Microsoft Edge releases](/deployedge/microsoft-edge-release-schedule#microsoft-edge-releases).|
30
-
|**Supported session policies**|<ul><li>Block\Monitor of file download (all files\\*sensitive files)</li><li>Block\Monitor file upload (all files\\*sensitive files)</li><li>Block\Monitor copy\cut\paste</li><li>Block\Monitor print</li><li>Block\Monitor malware upload</li><li>Block\Monitor malware download</li></ul> <br> Users that are served by multiple policies, including at least one policy that's *not* supported by Microsoft Edge for Business, their sessions are always served by the reverse proxy. <br><br> Policies defined in the Microsoft Entra ID portal are also always served by reverse proxy.<br> *Sensitive files identified by built-in DLP scanning are not supported for Microsoft Edge in-browser protection|
31
-
|**Supported Purview DLP policies**|Please see: [Activities you can monitor and take action on in the browser](/purview/dlp-browser-dlp-learn#activities-you-can-monitor-and-take-action-on) <br>Purview policies are always served by in-browser protection.|
33
+
|**Supported session policies**|<ul><li>Block\Monitor of file download (all files\\*sensitive files)</li><li>Block\Monitor file upload (all files\\*sensitive files)</li><li>Block\Monitor copy\cut\paste</li><li>Block\Monitor print</li><li>Block\Monitor malware upload</li><li>Block\Monitor malware download</li></ul> <br> Users that are served by multiple policies, including at least one policy that's *not* supported by Microsoft Edge for Business, their sessions are always served by the reverse proxy. <br><br> Policies defined in the Microsoft Entra ID portal are also always served by reverse proxy.<br> *Sensitive files identified by built-in DLP scanning aren't supported for Microsoft Edge in-browser protection|
34
+
|**Supported Purview DLP policies**|See: [Activities you can monitor and take action on in the browser](/purview/dlp-browser-dlp-learn#activities-you-can-monitor-and-take-action-on) <br>Purview policies are always served by in-browser protection.|
32
35
33
36
All other scenarios are served automatically with the standard reverse proxy technology, including user sessions from browsers that don't support in-browser protection, or for policies not supported by in-browser protection.
34
37
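Review bot: In the **Supported session policies** row, the footnote "Sensitive files identified by built-in DLP scanning aren't supported for Microsoft Edge in-browser protection" still doesn't say what happens to a session policy that relies on built-in DLP scanning: whether the session falls back to the reverse proxy or the policy isn't applied in Edge. An admin needs that to know whether those files stay covered. Since the row is being edited anyway, suggest also fixing the sentence that begins "Users that are served by multiple policies" and ends "their sessions are always served by the reverse proxy", for example "Sessions of users who are served by multiple policies, including at least one that isn't supported by Microsoft Edge for Business, are always served by the reverse proxy", and aligning "Block\Monitor of file download" with "Block\Monitor file upload".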
@@ -53,7 +56,7 @@ Also, the `.mcas.ms` suffix doesn't appear in the browser address bar with in-br
53
56
54
57
### Work profile enforcement for in-browser protection
55
58
56
-
To access a work resource in *contoso.com* with in-browser protection, you must sign in with your `[email protected]` profile. If you try to access the work resource from outside the work profile, you will be prompted to switch to the work profile or create one if it doesn't exist. If access from the Microsoft Edge work profile isn't enforced, you can also choose to continue with your current profile, in which case you're served by the [reverse proxy architecture](proxy-intro-aad.md).
59
+
To access a work resource in *contoso.com* with in-browser protection, you must sign in with your `[email protected]` profile. If you try to access the work resource from outside the work profile, you'll be prompted to switch to the work profile or create one if it doesn't exist. If access from the Microsoft Edge work profile isn't enforced, you can also choose to continue with your current profile, in which case you're served by the [reverse proxy architecture](proxy-intro-aad.md).
57
60
58
61
If you decide to create a new work profile, you'll see a prompt with the **Allow my organization to manage my device** option. In such cases, you don't need to select this option to create the work profile or benefit from in-browser protection.
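Review bot: The edited paragraph hinges on "If access from the Microsoft Edge work profile isn't enforced" but never names or links the setting that enforces it, so a reader can't tell which of the two behaviors (forced switch to the work profile, or continuing through the reverse proxy) applies in their tenant. Suggest linking the enforcement setting at that sentence. In the context paragraph that follows, "In such cases" has no clear antecedent; "You don't need to select this option to create the work profile or benefit from in-browser protection" reads clearly without it.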