Microsoft Edge for Business adds Intune app protection

Microsoft updates Edge for Business, Entra, Intune and Purview to protect browser-based work on Windows PCs managed by other organizations. Edge work profiles apply Intune app protection, Entra controls sign-in routing, and Purview enforces inline DLP without device enrollment.

Microsoft updated Edge for Business, Entra, Intune, and Purview to protect browser work on agency-managed Windows PCs. These changes let organizations apply app protection and DLP without full device enrollment.

Main feature/change and impact

Edge for Business now supports Intune app protection policies in a work profile on Windows devices managed by other organizations. This capability, in public preview, protects corporate data in the browser without requiring device enrollment. Tenant-scoped controls can redirect downloads, restrict copy/paste, and enforce data boundaries inside the managed profile.

Practical implications

Administrators can route users into app protection rather than triggering full device enrollment during sign-in. Entra updates include a modernized registration flow and a setting to disable MDM enrollment prompts. Purview DLP applies inline controls to detect and block risky uploads, downloads, and copy/paste in the browser profile.

“This new capability, currently in public preview, helps organizations to protect work contractors do in the browser, while respecting existing device ownership and management boundaries.”

The update reduces data blind spots for contractors and extended workforce scenarios. Organizations can apply consistent policy stacks that align identity, app protection, browser configuration, and DLP without taking ownership of personal or agency devices. Next steps include enabling the Edge work profile, configuring Intune APP policies for browser profiles, updating Entra sign-in settings to prevent unintended enrollment, and applying Purview DLP rules scoped to the work profile.

Key points from the article:

Edge work profiles enforce tenant-scoped browser data boundaries.

Intune APP policies apply directly to Edge work profiles.

Entra sign-in flow prevents unintended MDM enrollment.

Purview DLP provides inline detection and control in the browser.

Combined controls secure work context without full device ownership.

Related Coverage:

• Extending Windows 365 Reserve with Windows 365 Boot
• Microsoft and Ericsson Advance Enterprise Mobility with Windows 11 and Surface 5G Laptops
• Announcing Windows 11 Insider Preview Build 26220.7872 (Beta Channel)

From the Microsoft Intune Blog articles

---