Microsoft adds more reasons for enterprise users to run Edge on mobile devices

Microsoft on Monday announced that the iOS and Android versions of its Edge browser now support single sign-on (SSO) and conditional access – crucial security, management and convenience features to the enterprise.

Integrating Edge on mobile into the broader enterprise ecosystem – leveraging the SSO of Azure Active Directory (Azure AD), for example – may be Microsoft’s best shot at getting its most important customers to adopt the browser.

Edge’s user share on mobile has been microscopic. According to analytics vendor Net Applications, Edge accounted for just six-hundredths of one percentage point in March, or more than 1,000 times less than the leader, Google’s Chrome.

Support for SSO and conditional access was added in a public preview of Edge, Mayunk Jain, a senior product manager, said in an April 22 post to a company blog. Jain told users to install the latest version and provided a link to an  acquisition page.

Sign in, please

Users of Edge can now launch Azure AD-connected web apps, third-party or in-house, without having to re-enter credentials. Once logged in to the device, all other Azure-AD connected apps – those are designated by the organization’s IT staff – can be accessed sans additional authentication.

Edge can replace the clumsy Intune Managed Browser – a bare bones browser previously awarded managed status by Microsoft – for SSO, and thus streamline web app access. (Intune Managed Browser was first integrated with Azure AD and SSO in mid-2017, months before Edge debuted on iOS or Android.) It’s also a way to push Edge onto enterprise users, who Microsoft must hope will dispense with the default browsers on their mobile devices (Chrome for Android, Safari for iOS).

Certain conditions

More important to the organization than SSO, conditional access support has also been handed Edge, said Jain, who didn’t mince words about the browser rivals. “You can now enforce policy-managed Microsoft Edge as the approved mobile browser to access Azure AD-connected web apps, restricting the use of unprotected browsers like Safari or Chrome,” he wrote.

“Conditional access” is the umbrella term for a set of IT-mandated policies that determine which devices, from where and under certain situations, can access an organization’s web apps from mobile devices. Rather than rely solely on username-password authentication to grant access, conditional access can consider a wide range of circumstances that must be in place before allowing the user to tap into company data. Is the device fully patched? Is it connecting from a familiar geographic location or does its IP address put it suddenly in, say, Moscow?

Like SSO, conditional access is a feature of Azure AD, but unlike the former, the latter is limited to the most expensive identity plans, or SKUs of pricy subscriptions like Microsoft 365.

It’s also a club Microsoft can wield to get more enterprise users running Edge. “Users attempting to use unmanaged browsers such as Safari and Chrome will be prompted to open Microsoft Edge instead,” Jain pointed out when describing how conditional access works with Edge.

Late last year, Microsoft said it would rejigger Edge, dropping its own rendering and JavaScript engines, replacing them with those from the open-source Chromium project, which feeds code to Chrome. Although Edge for Android uses Chromium’s components, Apple’s App Store requirements will force Edge on iOS to continue using Safari’s rendering and JavaScript engines.