If you’ve ever rolled your eyes at yet another slow cloud app session because of proxy lag, you’re not alone. Traditionally, Microsoft’s session controls leaned on a reverse proxy to enforce policies for cloud apps. It worked… but not always gracefully. Pages would lag, features broke, and users were left wondering if their Wi-Fi had wandered off.
Enter Microsoft Edge for Business. This browser comes equipped with built-in smarts to enforce Defender for Cloud Apps policies without the proxy overhead. Think of it as finally getting the express lane at security.
Why Pair Edge for Business with Defender for Cloud Apps?
You’re probably asking, “Why should I bother with Edge for Business?” Great question! Here are a few standout perks:
No More Proxy Drama
Since the browser handles everything natively, there’s no more routing traffic through Microsoft’s proxy. That means no more waiting on .mcas.ms redirects or wondering why a page refuses to load properly.
Better Compatibility
Many web apps that got cranky under a proxy now behave themselves when Edge steps in. That’s because you’re no longer altering how the browser talks to the cloud app. It’s a more direct conversation.
Invisible Security (The Good Kind)
The protection just works. No plug-ins. No extensions. Just the user, their work profile in Edge, and a little suitcase icon next to the lock symbol in the address bar.
Setting Up Session Policies (The Quick Version)
The session policies are the same ones you’ve come to know and love. You’ll head to Cloud Apps > Policies > Policy Management > Conditional Access, and create a Session Policy.
Want to stop people from copying, pasting, printing, or downloading on unmanaged devices? You’ve come to the right place.
Other nice controls like content inspection, labeling, and requiring extra login steps are available too, but we’ll save those for a future post.
Turning on Edge for Business Protection
Let’s get to the good stuff. In the Defender portal, go to:
Settings > Cloud Apps > Edge for Business Protection (it’s near the bottom).
Now flip the following switches:
- Enable Edge for Business Protection
- Enforce access from Edge when possible (If Edge isn’t available, it’ll gracefully fall back to the old proxy setup.)
- Unmanaged devices only (Your managed machines already have other layers of protection.)
- Notify users (Optional but helpful to steer folks toward using Edge.)
What the User Actually Sees
As soon as a user signs in with their work account in Edge, they’ll notice… almost nothing. Which is the goal! Behind the scenes, Edge enforces the session policies.
Head over to something like Outlook, and…. secured by Microsoft Purview, without a single .mcas.ms redirect in sight.
Try downloading a file? Blocked (as expected). That’s your policy doing its job.
What about attempting the same using Chrome instead of Edge?
A Few Gotchas
Here’s one to keep in mind: mobile browsers are still sitting this one out. Even if a mobile user launches Edge, it won’t get the in-browser protections. It’ll either revert to the old proxy method or the session policy just won’t work at all.
Wrapping It Up
Switching from proxy-based enforcement to in-browser protection with Edge for Business is a big win. It’s faster, cleaner, and far less annoying for your users. Just be sure to plan ahead: make Edge the go-to for unmanaged devices, and let your users know what to expect.
Your cloud apps and your help desk will thank you.
