So now that I have a little spare time during my holiday, I couldn’t help my self but thinking about a problem where employees of a client could not open URL’s to websites on their mobile phones. I know I should think about the azure colored sea and sandy beaches waiting for us, but there was something about those links not opening in any browser, including the Intune Managed Browser. Do you have app protection policies configured and users complaining they receive a “No available apps”error when trying to open a URL? Then I hope this post helps a little. In a previous post I wrote about managing BYOD devices with Intune MAM policies and I suggest you read that if all this is new to you.
Intune App Protection Policies
I started reviewing the policies configured and reading up on the documentation. Please see a screenshot for the configuration I started off with.
- Navigate to >Azure Portal> Intune> Mobile Apps> App protection policies
- Open the policy in question
- Click on Policy settings
Notice the following settings:
- “Allow app to transfer data to other apps” has been set to “Policy managed apps”
- “Restrict web content to display in the Managed Browser” has been set to “No”
User experience on Mobile without Intune Managed Browser
I’ll get back on the Policy settings but before I continue, I had to see myself so I enrolled a test Android device to MDM and made sure the policies are applied to my device. Then I tried to open any URL to see what would happen.
Like all affected users I cannot open a URL. Even after installing the Intune Manged Browser I got the same error “No available apps. There are no apps on this device that your organization allows to open this content. Contact your IT administrator for help.”
So this is annoying at the very least. The first thing I did was to set the restrict web content to display in the Managed Browser setting to Yes, sync the policy and try again. Now I can open URL’s with the Intune Managed Browser. (Make sure the Managed Browser is installed)
Why did this work? It’s the Allow app to transfer data to other apps setting. This policy impacts the behavior of web content and when set to policy managed apps, then http links will only be able to open in the Managed Browser.
Since the restrict web content to display in the Managed Browser was set to No there are no other apps that can open URL’s and the users will see this error.
You can read the Microsoft documentation about Android app protection policy settings in Microsoft Intune for more info.
Like most of us the administrator started out and configured the settings to the best of his knowledge. He did read How to create and assign app protection policies but did not read about all the possible settings and the impact some of them have. We now have the settings configured like this:
If you do want to configure the Allow app to transfer data to other apps setting, you will have to think about other implications as well. You might for example want to add Data Transfer Excemptions to allow data transfer between apps. In most cases configuring this policy setting to Allow all apps will work but if you are concerned about data leaks you might want a little more restricting setting.
- Support Tip: Intune APP, Android, and the Managed Browser
- How to create and assign app protection policies
- Android app protection policy settings in Microsoft Intune
- Data transfer exceptions