- When checking the links in their email address, many users will require a managed browser to open this link they have in mind.
- The error is related to Microsoft Intune, a cloud-based service that manages both mobile devices and apps.
- Things can get back to normal when it comes to the Settings option: require a managed browser to open links by creating a protection policy for Outlook in Microsoft Intune.
- As an alternative, just configure Conditional Access for Microsoft 365 by following our procedure.
When you usually want to access a web app, you can do it straight from your mobile browser.
Regardless if you use Mozilla Firefox, Google Chrome, or Safari, you will require a managed browser to open this link you have in mind.
This error message is usually related to Microsoft Intune, a cloud-based service that manages mobile devices and mobile applications.
When using it, you gain control on how the devices of your organization are used, and this includes tablets, laptops and mobile phones.
Users have discussed this issue in the Microsoft forum:
Can someone please tell me how can I force staff to open links on the managed browser. Currently, when someone emailed a link to Outlook, the user on mobile Outlook app clicked on the link and it is opening on the default browser on the mobile.
When someone clicks on the link on Outlook mobile app, the website must open in the managed browser.
We have prepared several solutions that will address this issue. Read the next section and check how you can solve the require a managed browser to open this link issue.
What to do if you require a managed browser to open a link?
1. Create a protection policy for Outlook in Intune
- Open Microsoft Intune and navigate to Client apps.
- Select App protection policies, and then Create policy.
- Click on Settings and go to Allow app to transfer data to other apps.
- Select Policy managed apps in that section.
- Check Restrict web content transfer to other apps.
- Select Policy managed browsers in that section.
This solution allows you to choose to either select the option from step four or five or to select both options from steps four and six.
If you use it, it should solve the require a managed browser to open this link issue.
2. Apply Conditional Access
Configure Conditional Access for Microsoft 365
- Sign in as administrator to the Azure portal.
- From Azure Active Directory, navigate to Security.
- Navigate to the Conditional Access section.
- Choose New policy and give it a name.
- From Assignments choose Users and groups and then Include.
- Select All users or specific Users and groups, and then Done.
- Navigate to Cloud apps or actions, check Include, and then choose Office 365.
- Navigate to Conditions, choose Device platforms, set Configure to Yes.
- Include Android and iOS, navigate to Conditions, choose Client apps.
- From Configure select Yes, and choose Mobile apps and desktop clients.
- Deselect everything else.
Ensure you have taken each of the above-mentioned steps and then proceed to the second part of the first stage.
- Navigate to Access controls, select Grant the three options (see next step).
- Select Require approved client app, followed by Require app protection policy.
- Choose Require one of the selected controls.
- Confirm settings, go to Enable policy, and set it to On.
- Choose Create for creating and enabling that policy.
This solution ensures all mobile access to Microsoft 365 uses approved apps such as OneDrive and Outlook Mobile.
They are protected by an application protection policy before you receive access to them.
Use this solution for your organization and solve the require a managed browser to open this link issue. The first stage is to apply Conditional Access for Microsoft 365.
The next one requires you to configure the Azure AD Conditional Access policy using ActiveSync for Exchange Online. You will find below what are the steps you must take in this regard.
Configure an Azure AD Conditional Access policy with ActiveSync (EAS)
- Log in to Azure Active Directory.
- Select Security and Conditional Access.
- Choose the New policy option, name it and navigate to Assignments.
- Choose Users and groups, and from Include select All users or specific Users and groups.
- Select Done, navigate to Cloud apps or actions, and choose Office 365 Exchange Online.
- Navigate to Conditions, choose Client apps, and from Configure select Yes.
- Choose the Exchange ActiveSync clients while deselecting everything else.
- In Access controls, select Grant access and Require app protection policy, and choose Select.
- Confirm settings, navigate to Enable policy, and select On.
- Choose Create and then create and enable the new policy.
The third stage of this solution requires you to focus on Android and iOS applications. Your task will be to configure an Intune protection policy for them by applying the steps explained below.
Configure Intune protection policy for Android and iOS applications
- Log into the Microsoft Endpoint Manager admin center.
- Select Apps and App protection policies.
- Choose Create policy and then iOS/iPadOS or Android.
- In Basics add values to Name and Description sections for Platform.
- Click Next, navigate to Apps and add a minimum of one application.
- In Target to apps on all device types select Unmanaged or Managed for iOS.
- Choose between Unmanaged, Android device administrator, and Android Enterprise for Android.
- Ensure to check Select public apps and Select custom apps.
- Click Next to navigate to Data protection settings.
- Click Next to navigate to Conditional launch.
Conditional launch for iOS and Android
- Select Setting, insert a Value, and choose Action.
- Click Next and navigate to Assignments.
- Click Next: Review + create and then click Create.
This allows you to set the sign-in conditions for the app protection policy. The Value must be met by users that want to sign in to your company app.
When you choose Action, that section contains the conditions for when users do not meet your requirements. There are certain cases when you can configure multiple actions for a single setting.
The issue named require a managed browser to open this link is something many users have encountered when trying to open a browser.
Some employees have encountered this error when trying to open a link from their work mail address.
We recommend you use Microsoft Intunes for eliminating this error and create a protection policy for Outlook Express. Another way to solve the issue is to apply Conditional Access.
This will require you to perform three additional sub-fixes: configuration for Microsoft 365, configuring a policy with ActiveSync and setting a policy for iOS and Android apps.
Test our solutions and comment in our dedicated section about your experience with our previously mentioned fixes.