Microsoft 365 Message Center Archive

MC1255405 - Microsoft Edge for Business: Cross-tenant support using Intune Mobile Application Management (MAM)

Message ID

MC1255405

View in Message Center

Service

Microsoft 365 suite

Published

Mar 18, 2026

Tag

Major change
New feature
Admin impact

Roadmap ID

557187

View in M365 Roadmap

Platforms

Web

Summary

Microsoft Edge for Business will support cross-tenant Intune Mobile Application Management (MAM) policies, enabling data protection on devices managed by different tenants. This opt-in feature, rolling out from February to April 2026, secures corporate data without extra enrollment or disrupting user experience.

More information

Introduction

Microsoft Edge for Business now supports cross-tenant Intune Mobile Application Management (MAM) policies. This update allows organizations to apply Intune App Protection Policies to Edge work profiles even when the device is managed by another tenant. This capability helps protect corporate data in cross-tenant scenarios such as contractors, partners, or mergers, without requiring additional device enrollment or disrupting the end-user experience.

This message is associated with Microsoft 365 Roadmap ID 557187.

When this will happen:

  • Public Preview (Worldwide): We will begin rolling out mid-February 2026 and expect to complete by early April 2026.
  • General Availability (Worldwide): We will begin rolling out early April 2026 and expect to complete by mid-April 2026.

How this affects your organization:

Who is affected:

  • Organizations using Microsoft Edge for Business
  • Admins configuring Intune App Protection Policies 
  • Users accessing corporate data on devices managed by another tenant

What will happen:

  • This feature is off by default and opt-in only
  • Intune MAM policies are enforced within the Edge work profile
  • When enabled, protected downloads are redirected to OneDrive for Business instead of local storage, and leak controls for screenshots and DevTools activate when data protection settings are applied.
  • This approach secures cross-tenant scenarios like contractors or mergers without requiring additional apps or disrupting the user experience.
  • No impact to personal browsing or unmanaged profiles

What you can do to prepare:

No action is required before rollout.

  • Review existing Intune App Protection Policies
  • Determine whether to enable cross-tenant MAM for Edge
  • Notify security and helpdesk teams as appropriate
  • Update internal documentation if needed

Learn more: Cross-tenant support using Intune MAM | Microsoft Learn

Compliance considerations:

Compliance area impacted Explanation
Customer data storage When protected downloads are enabled by the admin, downloads are redirected to OneDrive for Business instead of local storage, changing where corporate data is stored.
Processing and access of existing customer data Corporate data accessed through Edge work profiles is processed under Intune App Protection Policies even when the device is managed by another tenant.
Tenant-to-tenant interaction This change enables cross-tenant enforcement of Intune MAM policies, allowing one tenant to govern data protection on devices managed by another tenant.
Data Loss Prevention (Purview) Intune MAM leak controls such as clipboard restrictions, screenshot protection, and DevTools blocking are enforced within the Edge work profile.
Admin controls The capability is opt-in and controlled through Intune App Protection Policies, allowing admins to decide whether and how cross-tenant MAM enforcement applies.