Mobicontrol 2024 - web apps for shared devices (with M365 integration)

Alin Sfiriac
hirschmannautomotive

Hello.

We started to test the shared device configuration for some of our devices and we face some issues.

What works so far:

- Integration with Intune and Intune app protection policies are OK.

- Added Entra ID in Directory for MS Single Sign-on

- MS Authenticator configured for Shared device mode 

- Devices are registered on Entra

- MS Apps are working fine

What's not working:

Due to Conditional Access policies, we can't use Chrome to log in on some internal websites which require MS work account (only MS Edge browser). We use Webapps pushed via Playstore for some of our internal applications (some require work account to log in, some don't).

By default these apps are running in Chrome. As a workaround I tried to push MS Edge browser (configured as Kiosk) and disable Chrome with Application Run Control. This way the webapps are launched in Edge. But the problem is that if I launch for example app 1, then launch app2, when I return to app1 I start from main screen. (When using Chrome, and having Launchwithrecents argument in Lockdown profile, you can switch between apps (they run like standalone apps).)

As a workaround for now I tried to leave Chrome enabled, configured Edge as default browser, and add the apps that require MS work account on kiosk to launch with browsers:// url of app (this way it will open with Edge). The webapps that do not require MS work accounts are launched with "launchwithrecents://com.google.enterprise.webapp.xxxx" (from Playstore).

Is there a workaround to set up Edge as "system-browser"? I know in Intune this is done by default (have tested devices enrolled with work profile or fully managed, and if Edge is pushed as required app all webapps deployed to that device will run in Edge).

If I register the device with user account then we can get this to work if we enable Browser access in MS Authenticator App (no need to use Edge in this case since device-id and registration is sent to Entra). This option is not available if the MS Authenticator is configured for shared device mode.

9 months ago
SOTI MobiControl
ANSWERS
ABMOD@SOTI
9 months ago

Hi Alin,

Thanks for posting on SOTI Pulse,

Apologies from our side, for this particular issue we need to investigate further.

We request you to please raise a support case at log a case so that our agent can work on your query as quickly as possible.

Alin Sfiriac
8 months ago

After more tests we found a working solution for us.

1. Set up Edge as default browser in Settings - Apps - Default apps

2. Add Edge on lockdown (in our case we hide it by modifying the template)

Tried also to block Chrome with SOTI app run control but that broke the webapps. Without adding Edge on lockdown, the webapps failed to start.

Florian Zöller
8 months ago

I've solved this problem on my site with an XML script, created with StageNow, which I copy to the devices via FileSync and execute by a task:

<wap-provisioningdoc>
  <characteristic version="11.6" type="UiMgr">
    <parm name="RoleAction" value="android.app.role.BROWSER" />
    <parm name="PackageName" value="com.microsoft.emmx" />
  </characteristic>
</wap-provisioningdoc>
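
A pre-deployment check for the provisioning file in the post above, as an added example that is not part of the original thread or of any vendor tooling: it confirms the file only assigns android.app.role.BROWSER to com.microsoft.emmx before it is copied out via FileSync. The function name, the expected-values table and the constructed BAD sample are assumptions for illustration.

```python
import xml.etree.ElementTree as ET

# Assumption: the file should contain exactly the settings shown in the post.
EXPECTED_TYPE = "UiMgr"
EXPECTED = {"RoleAction": "android.app.role.BROWSER",
            "PackageName": "com.microsoft.emmx"}

def check_provisioning_doc(xml_text):
    """Return a list of findings; an empty list means the file matches EXPECTED."""
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        return ["DTD or entity declarations are not expected in this file"]
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        return [f"not well-formed XML: {exc}"]
    findings = []
    if root.tag != "wap-provisioningdoc":
        findings.append(f"unexpected root element <{root.tag}>")
    blocks = root.findall("characteristic")
    if len(blocks) != 1:
        findings.append(f"expected 1 characteristic block, found {len(blocks)}")
    for block in blocks:
        if block.get("type") != EXPECTED_TYPE:
            findings.append(f"unexpected characteristic type {block.get('type')!r}")
            continue
        parms = {}
        for parm in block.iter("parm"):  # includes parms in nested blocks
            name = parm.get("name")
            if name in parms:
                findings.append(f"duplicate parm {name!r}")
            parms[name] = parm.get("value")
        for name, want in EXPECTED.items():
            if parms.get(name) != want:
                findings.append(f"{name} is {parms.get(name)!r}, expected {want!r}")
        for name in sorted(set(parms) - set(EXPECTED), key=str):
            findings.append(f"unexpected parm {name!r}")
    return findings

# GOOD is the file from the post; BAD is a constructed variant with another package.
GOOD = """<wap-provisioningdoc>
  <characteristic version="11.6" type="UiMgr">
    <parm name="RoleAction" value="android.app.role.BROWSER" />
    <parm name="PackageName" value="com.microsoft.emmx" />
  </characteristic>
</wap-provisioningdoc>"""
BAD = GOOD.replace("com.microsoft.emmx", "com.example.browser")

if __name__ == "__main__":
    for label, doc in (("GOOD", GOOD), ("BAD", BAD)):
        print(label, check_provisioning_doc(doc) or "OK")
```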