Posted on 03-07-2022 12:07 PM
We have noticed that iOS MS Edge has forced the Sync accounts startup screen on Edge. This was introduced in version 98.1108.56. I put the following in the Edge app config section in Jamf, but it did not work. Maybe these values are only good for Intune?!?!?
<dict>
<key>com.microsoft.intune.mam.managedbrowser.account.syncDisabled</key>
<true/>
</dict>
https://docs.microsoft.com/en-us/mem/intune/apps/manage-microsoft-edge
Wondering if there's any App Config that would disable this feature or how do people control MS Edge on iOS devices.
Solved! Go to Solution.
03-07-2022 01:47 PM - edited 03-07-2022 01:48 PM
With Managed App Config on iOS your key needs to target a simple, single value i.e. like HomePage instead of what you have above. inTune or Endpoint Mobility Manager or whatever it's called these days treats this differently apparently.
It took some digging but I cribbed the key you're looking for from Microsoft's Jamf Pro custom schema for the macOS version of Edge. This documentation page will be of some help.
Use SyncDisabled in the key field. Take note of the case of the S and make sure it's capitalized.
<dict>
<key>SyncDisabled</key>
<true/>
</dict>
03-07-2022 01:47 PM - edited 03-07-2022 01:48 PM
With Managed App Config on iOS your key needs to target a simple, single value i.e. like HomePage instead of what you have above. inTune or Endpoint Mobility Manager or whatever it's called these days treats this differently apparently.
It took some digging but I cribbed the key you're looking for from Microsoft's Jamf Pro custom schema for the macOS version of Edge. This documentation page will be of some help.
Use SyncDisabled in the key field. Take note of the case of the S and make sure it's capitalized.
<dict>
<key>SyncDisabled</key>
<true/>
</dict>
Posted on 09-21-2022 03:48 AM
Hi Mainely,
I believe the SyncDisabled worked fine as above on a single key entry into the AppConfiguration field but when adding additional for Edge iOS anything after disabling Sync doesn't appear to apply.
<dict>
<key>SyncDisabled</key>
<true/>
<key>AADWebSiteSSOUsingThisProfileEnabled</key>
<false/>
<key>PasswordManagerEnabled</key>
<false/>
</dict>
Could you give your thoughts on the above?
Thanks,
Posted on 03-07-2022 03:57 PM
Thanks, seems like some of these policies for macOS work on iOS. The SyncDisabled did suppress the Sync login screen.
02-15-2023 03:19 AM - edited 02-15-2023 03:21 AM
As @mainelysteve mention above here the key SyncDisabled works but I need to set a default Homepage. I have tried all possible values for the homepage with the key Homepage, HomePage and homepage and also the macOS HomePageLocation mentioned here https://learn.microsoft.com/en-us/deployedge/microsoft-edge-policies#homepagelocation without success.
Have anyone here managed to get the default homepage to work with App Configuration on Edge for iOS or do I need to go the Chrome route and setup Chrome management with Googles new Cloud Management?
Posted on 04-17-2023 03:16 PM
Little late to this convo but we have a (mostly) working AppConfig for our iOS deployment of Microsoft Edge as our managed browser for BYO devices. The one that never seems to stick no matter what we try is the InPrivateModeAvailability, everything else seems to work fine.
<dict>
<key>SyncDisabled</key>
<true/>
<key>PersonalizationReportingEnabled</key>
<false/>
<key>DefaultBrowserSettingEnabled</key>
<false/>
<key>HomepageLocation</key>
<string>https://yourcompany.okta.com</string>
<key>NewTabPageLocation</key>
<string>https://yourcompany.okta.com</string>
<key>DiagnosticData</key>
<integer>0</integer>
<key>InPrivateModeAvailability</key>
<integer>1</integer>
</dict>
I have found that Edge doesn't seem to see changes to AppConfig on the fly (if you see a Settings - Managed App Configuration command push successfully to a device) so if you adjust your App Configuration on a deployment you may need to delete the app and reinstall it for the app to register those settings correctly on first launch.
Would love to see Microsoft publish some true example App Configurations for other MDMs, though I suppose I understand why all of their documentation would clearly bias Intune…
Posted on 04-23-2024 06:49 PM
@emily I wish I had found your comment sooner and had come up with a similar config when trawling through the manifest.
I agree that InPrivateModeAvailability is not reliable. When it worked, the NewTabPageLocation didn't auto-open the page, and I had to manually open it. Until I found the below ClearBrowsingDataOnExit configuration, private browsing seemed like the best solution for a shared device.
We're using Jamf Setup and Reset and also added and confirmed this key is working:
<key>ClearBrowsingDataOnExit</key>
<true/>
This is helpful when running Jamf (soft) Reset for the next user.
Hopefully Microsoft will extend more app config support to iPad/iOS, I found Apple (Safari) to have limited configuration options, chop chop Apple 😉!
PS When configuring the sso extension CP for Shared Devices, I found this configuration helpful for app sso sign in:
<dict>
<key>sharedDeviceMode</key>
<true/>
<key>AppPrefixAllowList</key>
<string>com.microsoft.,com.apple.,com.jamf.,com.jamfsoftware.</string>
<key>browser_sso_interaction_enabled</key>
<integer>1</integer>
<key>disable_explicit_app_prompt</key>
<integer>1</integer>
</dict>
</plist>
Thankyou to @talkingmoose for helping!