🆕Protecting Microsoft 365 data on mobile devices

Ensure that users won’t copy data and save files from company Microsoft 365 apps.

Safetica excels at securing data from leaving controlled environments, but there are certain use cases where its capabilities can be complemented with other tools. 

 

Use case

You want to ensure that users of both company-owned and BYOD devices:

  • won’t copy data out of company Microsoft 365 apps
  • won’t save files from company Microsoft 365 apps to their mobile devices

 

Complement Safetica with

Microsoft Mobile Application Management or Microsoft Intune App protection policies. Learn more about Intune App protection policies in Microsoft documentation.

 

Prerequisites

 

Microsoft Intune App protection policies

  • Protect data within mobile apps (primarily Microsoft 365 apps).
  • Can prevent data from being shared, moved, or copy-pasted to other apps or folders.
  • Are available for Android and iOS.
  • Do not require devices to be managed by Mobile Device Management (MDM).
  • Can be enforced for Microsoft 365 apps on both managed (company-owned) and unmanaged (personal/BYOD) devices.

Example: To protect your company emails, you can create a policy that will block users from copying text from emails or saving email attachments to their devices.

 

Example: How to create an Intune App protection policy

(Last updated August 2024)

  1. Go to Microsoft Intune admin center and navigate to App protection policies, where you can create policies separately for iOS and Android devices.
  2. You can select which apps should be targeted by the policy and configure the policy based on your company's needs and the balance between security and limiting your workflow. You can select options such as restricting copy-and-pasting between apps, sending data to other apps, saving copies of company data, requiring PIN to access company apps, and many others.

We recommend testing the policy on a limited group before applying it to the whole company.

 

What will the users see

Intune App protection policies are enforced via the Microsoft Company Portal or Microsoft Authenticator apps.

When users try to sign into protected apps with a company account for the first time, they will be prompted to install the Company Portal or Microsoft Authenticator on their devices. Without these, users will not be allowed to sign into protected apps.

 

Read next

Best practice: Complementing Safetica protection

Protection against accessing company Microsoft 365 email via unauthorized email clients

Protection against adding non-Microsoft accounts into Outlook