
How to Protect Contractor Browsing with Intune and Edge for Business: Step-by-Step Configuration Guide

Step-by-Step Guide to Configuring Contractor Browsing Protection with Intune and Edge for Business

To ensure secure browsing and data protection for contractors using agency-managed devices, you can configure Intune app protection policies combined with Edge for Business. This setup allows contractors to work securely, even on devices not directly controlled by your company's IT team. Here's how you can get this configured in Microsoft Intune.


Step 1: Set Up Microsoft Edge for Business

Before configuring Intune app protection policies, ensure that Edge for Business is deployed on the contractor's devices.

  1. Download and Install Microsoft Edge:
    • Contractors will need to install Microsoft Edge on their devices (if not already installed).
    • Make sure the version of Edge being used supports the work profile feature.
  2. Create a Separate Work Profile:
    • When setting up Edge for Business, create a separate work profile on contractors’ devices. This profile will be used for accessing company resources.
    • Contractors will use this profile exclusively for work-related activities, ensuring that company data is isolated from personal browsing and apps.

Step 2: Configure Intune App Protection Policies

  1. Go to Microsoft Endpoint Manager Admin Center:
  2. Create a New App Protection Policy:
    • Under Apps, select App protection policies.
    • Click Create policy and choose iOS/Android or Windows 10 and later based on the device platforms contractors are using.
  3. Configure App Protection Settings:
    • Data protection settings: Ensure that contractors cannot copy or move company data to unauthorized locations.
      • Restrict Cut, Copy, and Paste between apps.
      • Restrict saving data to the device. Files should only be saved in OneDrive for Business.
      • Prevent screen capture of sensitive content.
    • Access settings: Control which apps are allowed to access company data.
      • Allow access to apps only within the Edge work profile for contractors. You can whitelist specific apps for work-related access.
    • Enforce encryption: Ensure that sensitive data stored within the work profile is encrypted, even if contractors are using personal devices.
  4. Assign the App Protection Policy to Contractors:
    • After configuring the settings, assign the policy to the relevant group of contractors or users who need access to work resources.
    • You can assign the policy based on user groups or devices to ensure that only the relevant contractors are affected.
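
To confirm that the data protection settings above actually landed in the assigned policies, the following added example (not part of the original guide) reads the Android and iOS app protection policies from Microsoft Graph and flags any that leave the clipboard, local saving, screen capture or encryption open. It assumes the Microsoft.Graph.Authentication module and an account allowed to read app protection policies; `Get-PolicyFindings` is a hypothetical helper name, and Windows policies are not covered.

```powershell
# Added example: read-only audit, not part of the original guide.
# Needs the Microsoft.Graph.Authentication module.
Connect-MgGraph -Scopes 'DeviceManagementApps.Read.All'

$base = 'https://graph.microsoft.com/v1.0/deviceAppManagement'
# Graph collections for the two mobile policy types.
$collections = @{
    android = "$base/androidManagedAppProtections"
    ios     = "$base/iosManagedAppProtections"
}

# Hypothetical helper: returns a list of deviations from the guide's settings.
function Get-PolicyFindings {
    param($Policy, [string]$Platform)
    $findings = @()
    # "Restrict Cut, Copy, and Paste": 'allApps' leaves the clipboard open.
    if ($Policy.allowedOutboundClipboardSharingLevel -eq 'allApps') {
        $findings += 'clipboard can be shared with any app'
    }
    # "Restrict saving data to the device".
    if (-not $Policy.saveAsBlocked) {
        $findings += 'Save As is not blocked'
    }
    # Only OneDrive for Business should be an allowed save location.
    $other = @($Policy.allowedDataStorageLocations |
        Where-Object { $_ -and $_ -ne 'oneDriveForBusiness' })
    if ($other.Count -gt 0) {
        $findings += "extra save locations: $($other -join ', ')"
    }
    if ($Platform -eq 'android') {
        # These two properties exist on the Android policy type only.
        if (-not $Policy.screenCaptureBlocked) { $findings += 'screen capture is allowed' }
        if (-not $Policy.encryptAppData)       { $findings += 'app data encryption is off' }
    }
    return $findings
}

foreach ($platform in $collections.Keys) {
    $uri = $collections[$platform]
    while ($uri) {
        $page = Invoke-MgGraphRequest -Method GET -Uri $uri
        foreach ($p in $page.value) {
            $f = @(Get-PolicyFindings -Policy $p -Platform $platform)
            $status = if ($f.Count) { 'REVIEW: ' + ($f -join '; ') } else { 'OK' }
            Write-Output ("[{0}] {1}: {2}" -f $platform, $p.displayName, $status)
        }
        $uri = $page.'@odata.nextLink'   # follow paging if present
    }
}
```

The script only issues GET requests, so it can be run repeatedly as part of the review in Step 5 without changing any policy.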

Step 3: Configure Conditional Access for Secure Access

To control which contractors can access company data and how they access it:

  1. Go to Conditional Access in the Endpoint Manager:
    • Navigate to Endpoint security > Conditional Access.
  2. Create a New Conditional Access Policy:
    • Select New policy and define the conditions for contractors to access company data securely.
    • Define conditions based on:
      • Device state: Ensure devices are compliant with Intune security policies.
      • App state: Require contractors to access apps only through Edge for Business.
  3. Grant Access Based on Compliance:
    • Choose to allow access only if the contractor's device is compliant with the Intune app protection policies.
    • You can also block access if the device doesn't meet security requirements.
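
The same Conditional Access policy can be created through Microsoft Graph instead of the portal. This is an added example, not part of the original guide: it assumes the Microsoft.Graph.Identity.SignIns module, uses a placeholder group ID and an illustrative display name, targets Office 365 in Windows browsers, and creates the policy in report-only mode so its effect can be reviewed in the sign-in logs before enforcement.

```powershell
# Added example: create the contractor policy in report-only mode.
# Needs the Microsoft.Graph.Identity.SignIns module.
Connect-MgGraph -Scopes 'Policy.Read.All', 'Policy.ReadWrite.ConditionalAccess'

# Placeholder: replace with the object ID of your contractor group.
$contractorGroupId = '00000000-0000-0000-0000-000000000000'

$policy = @{
    displayName = 'Contractors: require app protection policy in browser (example)'
    # Report-only: evaluated and logged, but not enforced.
    state       = 'enabledForReportingButNotEnforced'
    conditions  = @{
        users          = @{ includeGroups = @($contractorGroupId) }
        applications   = @{ includeApplications = @('Office365') }
        clientAppTypes = @('browser')                  # browser sessions only
        platforms      = @{ includePlatforms = @('windows') }
    }
    grantControls = @{
        operator        = 'OR'
        # 'compliantApplication' is the Graph value for "Require app protection policy".
        # 'compliantDevice' is the control for "Require device to be marked as compliant".
        builtInControls = @('compliantApplication')
    }
}

# Avoid creating a duplicate if the script is run twice.
$existing = Get-MgIdentityConditionalAccessPolicy -All |
    Where-Object { $_.DisplayName -eq $policy.displayName }

if ($existing) {
    Write-Warning "Policy already exists (id $($existing.Id), state $($existing.State))."
}
else {
    $created = New-MgIdentityConditionalAccessPolicy -BodyParameter $policy
    Write-Output "Created policy $($created.Id) in state $($created.State)."
}
```

Once the report-only results look right, changing `state` to `enabled` on the existing policy turns on enforcement.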

Step 4: Set Up OneDrive for Business for Secure Data Storage

  1. Ensure OneDrive for Business is Set Up:
    • Ensure that OneDrive for Business is properly configured for contractors, and they have access to the storage.
    • Contractors should be directed to store all company data in OneDrive for Business rather than locally on the device.
  2. Configure OneDrive Sync Settings in Intune:
    • Go to Devices > Windows > Configuration profiles > Create profile.
    • Select OneDrive settings and configure it to automatically sync work files to OneDrive for Business.
    • Ensure that files are not stored locally and all company-related content is automatically uploaded to OneDrive.
  3. Apply the OneDrive Settings to Contractors' Devices:
    • Assign these settings to the contractor's devices to ensure that files are automatically saved to OneDrive, and copying or transferring data to local storage is blocked.

Step 5: Review and Monitor the Setup

  1. Test the Configuration:
    • Test the setup on a few contractor devices to ensure that Edge for Business and the Intune app protection policies are working as expected.
    • Make sure that contractors can access company resources through Edge, but that sensitive data is restricted to OneDrive for Business.
  2. Monitor Access and Compliance:
    • Use the Intune Admin Center to monitor compliance and ensure contractors are following security protocols.
    • You can check reports on app access, data storage, and compliance with the assigned policies.
  3. Ongoing Adjustments:
    • As needs change, adjust the app protection policies, conditional access, and OneDrive settings based on feedback from contractors and any evolving security requirements.

Conclusion

By combining Microsoft Intune app protection policies and Edge for Business, you can safely manage contractor access to company data on devices that are not controlled by your IT department. This setup ensures that sensitive information stays protected, even on external devices, while giving contractors the flexibility they need to work efficiently.

With these steps, you can empower contractors with secure, cloud-based access without compromising your organization’s security. Plus, this solution helps reduce complexity and administrative overhead, making it a win-win for both contractors and IT teams.
