Microsoft, Chrome, and Firefox… each do a Little of What PolicyPak Browser Router Does a Lot
Microsoft, Chrome, and Firefox… each do a Little of What PolicyPak Browser Router Does a Lot
Microsoft recently announced a plugin for Firefox and Chrome which will redirect untrusted web sessions to Edge.
Is this Microsoft “hijacking” market share from their two main browser competitors?
Definitely not.
It’s actually a way to better secure your Windows client devices and users from possible malicious code being distributed from untrusted websites. That’s because Edge utilizes Windows Defender Application Guard (WDAG), a new security feature in Windows 10 that is designed to protect users from untrusted web sites by isolating them in a virtual environment using a Hyper-V-enabled container.
Windows Application Guard for Windows 10 and Edge
So why would an enterprise want to enforce Edge for untrusted websites (and redirect Chrome and Firefox webpages there)? Well, Edge natively has hooks to the Windows Defender Application Guard security feature.
So, when a user is accessing the web, the extension checks each URL against a list of enterprise sites defined by enterprise administrators to be trusted and untrusted.
Should a user attempt to visit an untrusted website, the user is redirected to an isolated Microsoft Edge session that is quarantined into a virtual container. By doing so, the session is now isolated from the client itself so if any malicious code is downloaded, the bad code is cut off and prevented from accessing anything on the enterprise such as your data. Think of it as an elementary form of sandboxing. While isolated, the user is free to traverse the untrusted site as they wish. Should the user then return to a trusted site, the user is reverted to a normal browsing session.
WDAG doesn’t mean malware positively cannot get onto the box, but it does aid in the blocking.
Application Guard: Extensions for Chrome and Firefox
So Application Guard Extensions are now available for Chrome and Firefox to route website directly to Edge when the URLs are untrusted. Enterprise admins simply need to install the extensions into the designated browsers.
Users can initiate an Application Guard session at any time without typing in a URL or clicking on a link by simply clicking the extension icon on the menu bar of the browser. As a result, users can use their favorite default browser while still remaining safe with the Application Guard defensive measures. All of this of course helps Microsoft promote the security features of their own web browser.
The Legacy Browser: Extensions for Chrome and Firefox
Microsoft isn’t the only one to use browser redirection technology.
Both Google and Firefox each have an extensions (nearly identically named) called Legacy Browser Support.
These extensions give either Chrome or Firefox admins the ability to route to a legacy browser (usually Internet Explorer) for known older (and incompatible) websites.
An example may be for an internal enterprise web based application that depends on ActiveX and requires IE. Many companies continue to rely on older web based applications due to budget constraints the fact that the original vendor no longer exists.
Administrators can create Firefox or Chrome policies for which URLs to launch into this second, legacy browser. By doing so, users have the advantage of using a modern browser optimized for the latest web standards, while having a second browser optimized for those older web applications.
These two types of browser redirecting… both Windows Defender Application Guard, and/or the Legacy Browser Extensions make a good start if your needs are modest.
But in a real enterprise, you might need to direct users to work in any of the four browsers: Internet Explorer, Edge, Firefox or Chrome. And nothing that Chrome, Firefox or Microsoft ships can help here.
PolicyPak Browser Router Redirects All Browsers
You already know that your users can’t depend on just one web browser for everything anymore. The fact is that some sites work better with one browser over another. When a user accesses a site with “the wrong / old/ unoptimized browser”, it may initiate a help desk call because the user experience isn’t in line with expectations.
Then there’s the issue of ensuring that users are using the most secure browser at their disposal. A security extension may only be available for one browser type, and it might not be Microsoft Edge.
Finally, there’s the ever-ongoing battle between the user and them selecting their default web browser. Each browser wants to win in the battle for supremacy.
There’s only one solution to all these redirection problems: that’s PolicyPak Browser Router. That’s because Browser Router lets you START in any browser and END in any other browser.
Set the Default Browser Once and For All
First use PolicyPak Browser Router to specifically set the user’s default browser. It’s drop dead simple, and different types of users can be dictated different default browser. Or, users can self-select the default browser. And then they are never asked again.
You can see how PolicyPak does that here. Simply create a policy called a “New Default Browser” policy.
Then, specify the browser of your choice like what’s seen here.
Making this selection will immediately stop all hounding of the user to be asked to select a default browser. You have this problem permanently solved.
Redirect Your Users to the Best Browser for Any and All Websites
Here’s the extra beauty of PolicyPak Browser Router.
- Do you want to redirect untrusted sites to Edge in order to take advantage of Application Guard? No problem, Browser Router can do that.
- Want to redirect users to IE or another browser to something unusual such as Opera for your internal web applications? Again, Browser Router can do that.
- Do you want specific websites to launch the Citrix Secure Browser? Browser Router can do that.
In fact, you can redirect users’ requests for ANY website.
Let’s say you want to make sure that your users always use Chrome when accessing the company’s G Suite applications. In this case, if a user attempted to access the G Suite URL using their Firefox default web browser, Browser Router would actually close down the Firefox session and reopen the G Suite URL automatically with the Chrome browser. Again, this is done by creating a policy. The screenshot below shows the primary configuration screen.
And for every PolicyPak policy, you can narrow down the policy’s scope according to a designated subnet, group, device form factor or operating system. An example of these options is shown below.
You can see a complete video of both of these policy creation processes here.
Final Thoughts about PolicyPak Browser Router
The extensions from Chrome and Firefox to help redirect websites toward Edge can make sense. As does the Legacy browser extensions from Chrome and Firefox. But those redirection plug-ins are browser specific and unidirectional.
PolicyPak Browser Router is different. There is no limitations for PolicyPak Browser Router, because it wasn’t created for a single type of occurrence. It was created to accommodate just about any situation.
Redirecting, security and flexibility is what Browser Router is all about.
PolicyPak Browser Router is part of the PolicyPak Group Policy, PolicyPak Cloud or PolicyPak MDM suite and is just one component you’ll be able to use.
The post Microsoft, Chrome, and Firefox… each do a Little of What PolicyPak Browser Router Does a Lot appeared first on PolicyPak.
*** This is a Security Bloggers Network syndicated blog from Blog Posts – PolicyPak authored by Ali Hassan. Read the original post at: https://www.policypak.com/pp-blog/microsoft-chrome-and-firefox-each-do-a-little-of-what-policypak-browser-router-does-a-lot
