Microsoft on Monday announced that the iOS and Android versions of its Edge browser now support single sign-on (SSO) and conditional access - crucial security, management and convenience features to the enterprise.
Integrating Edge on mobile into the broader enterprise ecosystem - leveraging the SSO of Azure Active Directory (Azure AD), for example - may be Microsoft's best shot at getting its most important customers to adopt the browser.
Edge's user share on mobile has been microscopic. According to analytics vendor Net Applications, Edge accounted for just six-hundredths of one percentage point in March, or more than 1,000 times less than the leader, Google's Chrome.
Support for SSO and conditional access was added in a public preview of Edge, Mayunk Jain, a senior product manager, said in an April 22 post to a company blog. Jain told users to install the latest version and provided a link to an acquisition page.
Sign in, please
Users of Edge can now launch Azure AD-connected web apps, third-party or in-house, without having to re-enter credentials. Once logged in to the device, all other Azure AD-connected apps - those designated by the organisation's IT staff - can be accessed sans additional authentication.
Edge can replace the clumsy Intune Managed Browser - a bare-bones browser previously awarded managed status by Microsoft - for SSO, and thus streamline web app access. (Intune Managed Browser was first integrated with Azure AD and SSO in mid-2017, months before Edge debuted on iOS or Android.) It's also a way to push Edge onto enterprise users, who Microsoft must hope will dispense with the default browsers on their mobile devices (Chrome for Android, Safari for iOS).
More important to the organisation than SSO, conditional access support has also been handed to Edge, said Jain, who didn't mince words about the browser rivals. "You can now enforce policy-managed Microsoft Edge as the approved mobile browser to access Azure AD-connected web apps, restricting the use of unprotected browsers like Safari or Chrome," he wrote.
"Conditional access" is the umbrella term for a set of IT-mandated policies that determine which mobile devices, from where and under what circumstances, can access an organisation's web apps. Rather than rely solely on username-password authentication to grant access, conditional access can consider a wide range of circumstances that must be in place before allowing the user to tap into company data. Is the device fully patched? Is it connecting from a familiar geographic location or does its IP address put it suddenly in, say, Moscow?
Like SSO, conditional access is a feature of Azure AD, but unlike the former, the latter is limited to the most expensive identity plans, or SKUs of pricey subscriptions like Microsoft 365.
It's also a club Microsoft can wield to get more enterprise users running Edge. "Users attempting to use unmanaged browsers such as Safari and Chrome will be prompted to open Microsoft Edge instead," Jain pointed out when describing how conditional access works with Edge.