Scenario

Microsoft recently released an extension to Edge, Chrome and Firefox to simplify the use of Azure AD connected applications, Office 365, Enterprise apps etc. This is a one-stop place for your users to launch the Azure AD connected applications from their favorite web browser.

Solution

To make this available to your users with your Modern Intune managed environment, deploy the Edge extension (or other web browser extension) and communicate to your users how to use the new Extension features.

Technical solution

Here I will explain how to deploy the extension with Microsoft Intune.

First Logon to Microsoft Store for Business, search for My Apps Secure Sign-in Extension, Press Get the app and press Close

Now, head over to to the Azure Portal and the Intune blade.

Change to Mobile apps > Microsoft Store for Business, and press Sync

Change to Apps and make sure the app is in the list, select the app

And find some groups of users or devices to assign the App to

Start up your Windows 10 client, and initiate a synchronization from Settings > Accounts > Access work or school

Open Edge and wait ~10 seconds, or start browsing something, and the following popup will automatically appear

Press Turn it on and a new icon will appear at the top right menu in Edge.

If you for any reason missed the popup, Head over to Settings and more(Alt+X) … and then Extensions

Click the extension, and turn the extension on

Remember that it is the users choice to activate the extention, and it is not supported to change this behavior. So please don’t hack andy small detail that you’ll see, that will just keep you busy “fixing” things that you just broke!

Some Microsoft quotes:

“All extensions for Microsoft Edge must be deployed from the Microsoft Store. The installation must be initiated and completed by the user, using only the user experience provided by Microsoft Edge and the Microsoft Store.”

“Any other mechanism that impacts the configuration of Microsoft Edge, or the content that the browser displays, unless explicitly listed in this document is unsupported.”

End user experience

For the user when they start using the extension/features, it works like this.

The user press Sign in to get started, then the user will easier get to my apps and possibility to search for apps directly in the Edge as shown below

This will minimize user sign ins to your enterprise apps and be more productive!

Sources

https://cloudblogs.microsoft.com/enterprisemobility/2018/01/23/now-available-faster-simpler-sign-in-experiences-for-azure-ad-connected-apps/

https://docs.microsoft.com/en-us/microsoft-edge/extensions/microsoft-browser-extension-policy