Step 5. Understand Microsoft Edge for Business end user experience for Windows
Now that you've configured your Microsoft Entra conditional access policy and created your first app protection policy for Windows, you can launch Microsoft Edge for Business using a managed or unmanaged device.
The end user experience in Microsoft Edge for Business is designed to be productive, secure, and user-friendly. This secure enterprise browser experience includes the following features:
Visually distinct work browsing experience: Microsoft Edge for Business provides a visually distinct work browsing experience with refreshed visual treatment. This helps users easily distinguish between their work and personal browsing sessions.
Enterprise personal browsing experience: Microsoft Edge for Business offers a lightly managed personal browsing experience that lets users access their favorite nonwork sites and services without compromising safety for the enterprise. It also automatically switches from work-related navigation into the work browser.
Automatic switching: This feature helps enforce context separation between work and personal browsing. It ensures that work-related content doesn't get intermingled with personal browsing, preventing users from accidentally sharing sensitive information with unintended audiences.
Security: It has powerful, built-in defenses against phishing and malware and natively supports hardware isolation on Windows.
Microsoft Edge for Business provides a dedicated work browsing experience that is visually distinct, secure, and user-friendly. It separates work and personal browsing into dedicated browser windows, each with its own favorites, cache, and storage locations.
Onboarding experience
To evaluate the onboarding experience, launch Microsoft Edge from the desktop and perform the sign-in process in your browser. The device must not be managed by any MDM solution; otherwise, you won't be able to enroll in the MAM service.
Locate Microsoft Edge on the desktop.
Select the Microsoft Edge icon and wait for it to load. Once loaded, you'll see a user icon at the top left of the browser window.
Select the user icon to display your managed account details.
Select Sign in to sync data.
Enter your email address for the tenant.
Enter your password for the account.
Note
The sign-in process within your organization may vary. Regardless of the method, completing the sign-in process is essential to add your user profile to Microsoft Edge.
Always keep your password secure.
Uncheck Allow my organization to manage my device and select OK.
Important
Make sure the check box is cleared; otherwise, you'll enroll the device into Intune. Also, don't select the option No, sign in the app only, because this won't enroll the browser in MAM or ensure that MAM is operational for it.
Wait until you see the message, You're all set! Then, select Done.
Confirm that you're signed in by selecting the user icon again.
Note
Now that enrollment is complete, your browser is protecting your corporate data.
App protection notifications
Intune will notify you with various messages in the event of a failure. Here are the scenarios:
App access blocked message: This message appears when your applied app protection policy has failed the MTD threat level check.
Your organization prevents you from copying content from this website: This message appears when you attempt to move data in a way that is blocked by your DLP policy.
Your organization prevents you from printing this website: This message appears when your applied Level 3 app protection policy has failed the printing check.
Your organization prevents you from downloading this file: This message appears when your applied Level 3 app protection policy has failed the downloading apps check.
Offline Grace Period Expired: This message appears when Intune determines that you have been logged in for an extended period without use.
Next step
Continue with Step 6 to troubleshoot Microsoft Edge for Business.