‘Edge for Business’ Supercharges Browser Profiles and Brings New IT Controls


This Week in IT, Microsoft officially launches Edge for Business, bringing with it updates to browser profiles and new controls for IT. Plus, Windows 365 is coming to VMWare Horizon, admins get a new control for Windows Update on Windows 11, and all the rest of this week’s announcements….

Use the timestamps on the YouTube player to jump to the following sections:

00:00 – Start
00:36 – Microsoft Edge for Business
07:37 – Windows 365 and VMWare Horizon
09:20 – Windows Update new control
10:30 – Microsoft Entra ID API-driven account provisioning
12:13 – Microsoft Teams app store
13:32 – Outlook sensitivity labels
14:02 – SharePoint access controls
14:15 – Microsoft Intune macOS PKG app deployment


This Week in IT, Microsoft officially launches Edge for Business, bringing with it updates for browser profiles and new controls for IT admins. Plus, Windows 365 is coming to VMware Horizon. Admins get a new control for Windows Update on Windows 11, plus all the rest of this week’s news.

Welcome to This Week in IT, where I cover all the latest announcements on Microsoft 365 and Windows.

Browser profiles are not a new thing. They’ve been around in Google Chrome for a long time and of course Microsoft Edge is based on Chrome, so naturally that profile feature comes across into Edge. What it allows you to do essentially is separate the logins, favorites and history, all of that browsing data between two different contexts. You might have a context for your personal browsing, so your personal email, that kind of thing, your online banking, and then again maybe all the stuff that you do for work in a different browser profile. This comes in really handy, especially for people who have multiple logins for the same site.

For instance, I have my own personal login for Microsoft 365 and I have a work login for Microsoft 365. That can be a little bit tricky to manage in the same browser profile. I have a different profile for all of my work websites and all the browsing and applications that I need to do for work. Edge for Business brings with it a new feature that really supercharges this profile feature. The problem with browser profiles, regardless of whether you’re using Chrome or Edge, has always been that you need to understand how they work as an end user and then manage which sites open up in which profile.

Should this site open up in your work profile or your personal profile, you need to go into the settings of the browser and configure a manual list of those sites. Of course that requires some end user training for that to happen. What Microsoft has done essentially with Edge for Business is add a feature where you automatically get as you log into Windows, providing your login into Windows with an Azure AD account or Enter ID account, I suppose now we should call it, either you need to log into Windows with that account or into one of your existing browser profiles with a Microsoft work or school account. When Edge for Business will essentially be enabled automatically. Now when it’s enabled, what you get is two browser profiles. The first is the one that’s connected to your Microsoft personal account, so your MSA. Microsoft is referring to this as your enterprise personal browser or your MSA profile. This is a browser profile that it’s saying is lightly managed. There are a few security policies that might be applied to it if they’re already configured for the tenant. Things like application guard and enhanced security mode. Also some data compliance policies like Microsoft Purview DLP and insider risk management and any Microsoft Edge update policies that you have like enforcing Edge update rules. Those things are applied to the personal profile.

But you also get your work browser profile where IT admins can apply the full range of policies that are available for Edge. So it’s a fully managed instance of the browser. Now there’s also a bit of a visual refresh going on here. So Microsoft has moved the label that says work or personal across to the left hand side of the screen now. And the work profile in the taskbar icon gets a little briefcase icon that’s kind of appended or overlaid if you like onto the icon in the bottom left hand corner. So there’s a bit of a visual change as well. Microsoft has added a feature called automatic switching. So what this does is it tries to understand, well, this site is probably related to your work, so it should open in the work profile. And this site isn’t, so we should probably open that in the enterprise personal browser if you like, which is a different profile.

So, there’s some logic being applied there, a list of sites, which it kind of thinks, well, okay, these are probably work sites. I don’t know how well this really works because I have all my sites set up manually because I’ve always used profiles here. But if you don’t do that or you don’t know how to do that, the automatic switching tries to solve the problem for you because it can be quite annoying for instance. Let’s say you get an email, you click on a link and then that link opens up in the wrong profile because then potentially you’re logging into that site with the wrong accounts. And that can be confusing for users. So automatic switching is designed to address that issue. Now Microsoft has said that they’re going to add more sites and improve the logic going forwards so that this will hopefully work better. Another couple of things that are coming to Edge for Business and that’s the ability to apply company branding to the work profiles and mobile application management for Edge for Business. So this is currently in preview, but the aim of this is to allow Edge for Business to work on unmanaged devices because at the moment as it stands, it only works on devices or can be fully managed on devices that are part of a managed enterprise.

So, another management control and the greater management flexibility for Edge for Business is coming with that in the future. So I guess that Microsoft is trying to solve various different problems here, trying to give IT more control over just a work version of a browser and give users more or less the flexibility that they need without all of the controls in their own personal, lightly managed version of the browser and to make profiles and profile switching just easier and well preferably completely automatic so that users don’t have to go and configure those features manually and go and list all of the sites that need to open up in a particular profile. So there are two main problems there that I think Microsoft is trying to solve with this.

And I guess a third potential benefit is if they can make all of this easy and bring those advantages for users and the IT organization maybe to improve adoption of Edge itself, which obviously is quite low. I think it has like 6% of the browser market share at the moment. So I’d be interested to know, are you stipulating what browser users are able to work with in your work environment? Because obviously a lot of organizations, they just default to Google Chrome or they allow users to work with whatever browser they want. So I’d be interested to know if you stipulate the browser and if you do what browser? Would these new features in Edge for Business persuade your organization to potentially stipulate Edge as the browser of choice? So let me know what you think about that in the comments below. So this is interesting. It’s not something that I really expected to hear actually this week and that is that Windows 365 is coming to VMware Horizon.

Now Windows 365 is the kind of turnkey virtualization or cloud PC in a box if you like that you can just deploy easily to your endpoints through virtualization. So it’s a little bit easier to get going than Azure Virtual Desktop for instance. And this is now going to be available to organizations that are already invested in VMware Horizon. And of course that’s going to apply to a lot of organizations because VMware is a hugely popular virtualization solution. So there are some advantages to using Windows 365 in VMware Horizon and some advantages for Windows 365 users to use it via VMware Horizon if that makes sense. So if you want to use Windows 365 inside of VMware Horizon if you’d like, this brings with it the VMware Blast Extreme Protocol and VMware Gateway. So you get the advantages of those two technologies that you wouldn’t get if you were using Windows 365 natively on Azure. And for VMware Horizon enterprises you also get support for peripherals and a streamlined delivery experience for legacy and on-premises applications via app volumes. So there seem to be advantages to this arrangement in both directions. So that’s currently in preview if you want to check it out.

This is in testing at the moment in the optional update for Windows 11 that came just a few days ago in fact. So I would expect this to be more generally available in patch Tuesday that’s released in September. And that’s a new control for IT admins for Windows Update just on Windows 11. So basically this is enable optional updates, the control is called, and there are three different options. So you can allow users, devices to automatically receive all optional updates including controlled feature rollouts. You can choose to have the device receive optional updates without the controlled feature rollouts and you can let users select which optional updates they want to receive as well. So you’ve got those three different options in this new control for Windows Update.

I know that Windows Update is always a bit of a painful subject for IT administrators and the whole updating story for Windows but any additional control is usually a welcome thing for probably end users and IT admins alike. This week Microsoft announced that Entra ID is getting in preview at this stage a new ability to provision accounts from systems like HR systems, payroll apps, anything that is kind of an online system that is used as a statement of record for the organization. Those accounts can be automatically provisioned in Entra ID, so of course that’s Azure Active Directory, in Entra ID through an API driven process.

So if before this had to be done manually I assume, I mean this is not an entirely new thing, I believe this has always been possible to implement those accounts from other systems in Entra ID, please tell me in the comments if I’m wrong about that. This new feature allows you to automate this process through the API but using tools like PowerShell or Azure Logic Apps, tools for automation that you’re already used to using and essentially have a continuous process where any accounts that are maybe added to your HR system or payroll app are then automatically provisioned in Entra ID. Not only that but to also manage the whole life cycle of those accounts, so the onboarding, the ongoing management and then the off-boarding of those accounts when the employee eventually leaves the company. So the entire cycle there you get to manage which is really important for security as well because there are lots of situations where an employee might leave but then the account’s not disabled or deleted or whatever needs to happen. So this should make all of that a lot easier.

A couple of announcements in the message centre this week about the app story in Microsoft Teams. Now I’m not sure how often apps or how commonly apps are really used in Microsoft Teams, not really sure about that, you know, it’d be interesting to know if the users in your organisation really make use of these apps or not. But there are a couple of announcements. So one is some new logic is called auto-install approved apps the future. So if an app has already been approved by an admin in the tenant and users are actually installing it on a regular basis, then Microsoft will take that signal and automatically start to install it for other users where it makes sense. So it just makes it easier for the end user. There’s some logic that says, well, they’re likely to want to use that app.

So, we’ll just pre-install it. And some new app-centric management features. So any apps that are approved for the team store by the organisation get some new controls. So admins can say that all users have the ability to install an app or only specific groups of users can install this app or nobody can install it. So you get that little bit more granular control now over the ability to control who can install applications from the team store.

If you have people in your organisation using Outlook on iOS, now they have the ability to read and write Microsoft identity protection sensitivity labels on emails. So for instance, if you have a sensitivity label set up and there’s a policy that says anything with that label should be encrypted, that will start being a feature that’s generally available in November this year for Outlook users on iOS. SharePoint admins out there, you’re getting new controls in December this year that will allow you to restrict access to SharePoint sites and OneDrive using Microsoft 365 groups and security groups.

And Microsoft announced this week that coming now, general availability December 2023 is the ability to deploy applications that use the PKG application distribution type for macOS using Intune. So this has been in preview, I think since June or July this year. That is now apparently going to be generally available by the end of this year, well more specifically in December. So that’s interesting for administrators who have to manage environments where you’ve got Windows and macOS mixed together. If you found this video useful, I’d really appreciate it if you gave it a like because it helps to get the video pushed out on YouTube to more people.

Don’t forget to subscribe to the channel if you’d like to see these weekly news updates. Thank you for watching and I’m going to leave you with another video on the screen now that you might also find interesting. But that’s it from me and I’ll see you next time.