Atlassian Guard Standard now includes a security control that lets you block access to Atlassian apps from mobile browsers, forcing users to access Jira and Confluence through the official mobile apps where device-level security policies are fully enforced. In our walkthrough, we demonstrate exactly how to configure this access policy in under a minute, helping IT admins immediately strengthen their organization’s security posture and data protection compliance.
This feature, released in March 2026, is one of the simplest yet most effective ways to close a common security gap in organizations using Atlassian cloud products.
In our video, Marvin, a Technical Support Engineer at Resolution GmbH, walks through the entire setup process and explains why this matters for every Atlassian admin:
https://youtu.be/hQHQh9glyas?si=OlQVAznnm3osChVu
The Security Problem with Mobile Browsers
When users access Jira or Confluence through a mobile browser like Safari or Chrome on their phone, it becomes significantly harder to enforce device-level security policies. This is a real and common problem that many IT administrators overlook. Mobile browsers essentially create an unmanaged access point that bypasses several critical security layers your organization may already have in place.
Specifically, when users go through a mobile browser instead of the official Atlassian mobile app, the following security controls may not apply:
- Mobile Device Management (MDM) policies can be bypassed entirely
- Certificate-based authentication and COPE (Corporate-Owned, Personally-Enabled) controls may not function
- App-level data loss prevention (DLP) becomes significantly harder to enforce
- Device-level security posture cannot be verified before granting access
The core issue is that a mobile browser provides a largely uncontrolled environment compared to a managed mobile application. Organizations that invest in MDM solutions and app-level security controls are effectively leaving a back door open if they allow mobile browser access to their Atlassian tools.
How Blocking Mobile Browser Access Solves This
By blocking mobile browser access, you ensure that users are redirected to the official Atlassian mobile app, where all your organization’s security controls are fully in effect. The Atlassian mobile apps for Jira and Confluence support MDM integration, app-level data protection policies, and other enterprise security features that simply cannot be enforced through a browser.
This means your security posture is consistently applied regardless of how or where users attempt to access your Atlassian products. It reduces security risks from unmanaged devices, improves compliance and data protection, and gives admins better control over application access patterns.
Step-by-Step: How to Configure the Access Policy
The setup process is remarkably straightforward and takes less than a minute to complete. Here is exactly how we configured it in our video:
Step 1: Navigate to Access Policies
First, navigate to admin.atlassian.com. From there, go to Security, then User Security, and then Access Policies. You will already notice the new block option available in the interface, indicating that this feature has been rolled out to your organization.
Step 2: Create a New Policy
Click to create a new policy and give it a descriptive name. Access policies in Atlassian Guard Standard are where you define who can access what, from where, and under which conditions. These policies can block access to the organization based on user or device characteristics.
Step 3: Configure Policy Conditions
Inside the new policy, you will see two key criteria to configure. The policy criteria should be set to “Browser is Mobile” — this targets all users attempting to access your Atlassian apps through a mobile browser. The access control setting will default to “Allow.” You need to switch this to “Block” and save the policy.
Step 4: Activate the Policy
After saving, if you go back to the access policy list, you will see the policy listed with an access status of “Block,” but the current status will show as “Inactive.” To enable it, go to Actions, then Edit Policies, and toggle the policy on. Click “Activate” to make it live. Once activated, the status will change to “Active” and enforcement begins immediately.
What Users Will See When Access Is Blocked
Once the policy is active, any user who tries to open Jira or Confluence in a mobile browser will be shown a clear message. As we demonstrated in our video, the message reads something like: “You can’t access this content because your admin applied a security policy that blocks access to apps in this organization.”
Users will not be able to proceed in the mobile browser. They are effectively directed to download and use the official Atlassian mobile app instead, where your organization’s full suite of security controls applies. This is a clean, user-friendly experience that makes it clear why access is restricted and what the user should do instead.
Requirements
This feature requires an Atlassian Guard Standard subscription. It is configured through the Atlassian administration console at admin.atlassian.com under the Security section. No additional tools or third-party integrations are needed — it is a native Atlassian capability that works out of the box.
Why This Feature Is a Must-Enable
Blocking mobile browser access is a simple but effective security control. It takes roughly 30 seconds to enable, applies immediately across your organization, and ensures your users always go through the secure mobile app experience. For organizations that care about consistent security enforcement, compliance, and data protection, this is one of the easiest wins available in the Atlassian Guard Standard toolkit.
The key benefits include reduced security risks from unmanaged devices, consistent enforcement of access policies across all user access methods, improved compliance posture, and better administrative control over how users interact with your Atlassian apps. If your organization is already using MDM or has data loss prevention policies in place, enabling this feature ensures those investments are not undermined by users simply opening a mobile browser instead of the managed app.
