You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: CloudAppSecurityDocs/in-browser-protection.md
+25Lines changed: 25 additions & 0 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -82,6 +82,31 @@ For example, if you have an Endpoint DLP policy that blocks a file upload to Sal
82
82
83
83
For more information, see [Learn about data loss prevention](/purview/dlp-learn-about-dlp).
84
84
85
+
## Enforce Edge in-browser when accessing business apps
86
+
Administrators who understand the power of Edge in-browser protection, can require their users to use Edge when accessing corporate resources.
87
+
A primary reason is security, since the barrier to circumventing session controls using Edge is much higher than with reverse proxy technology.
88
+
89
+
Admin experience
90
+
The feature is controlled through the following settings:
91
+
M365 Defender > Settings > Cloud Apps > Edge for Business protection > Enforce usage of Edge for business
92
+
93
+
The following options are available:
94
+
- Do not enforce (default)
95
+
- Allow access only from Edge
96
+
- Enforce access from Edge when possible
97
+
98
+
Admins have the option to apply policies on all devices or only on unmanaged devices.
99
+
100
+
**Allow access only from Edge** means that access to the business application, scoped to session policies, can only be obtained via the Edge browser.
101
+
102
+
**Enforce access from Edge when possible** means that users should use Edge to access the application if their context permits, but if not, they may use a different browser to access the protected application.
103
+
104
+
For example:
105
+
If a user is subject to a policy that does not align with in-browser protection capabilities (such as, 'Protect file upon download'), OR
106
+
the Operating System is incompatible (for instance, Android).
107
+
In that scenario, because the user lacks control over the context, they may opt to use a different browser.
108
+
If the policies applicable to him allow it and the operating system is compatible (Windows 10, 11, macOS), then he is required to utilize Edge.
109
+
85
110
## Related content
86
111
87
112
For more information, see [Microsoft Defender for Cloud Apps Conditional Access app control](proxy-intro-aad.md).
0 commit comments