Configuring DLP Features in Microsoft Edge

Protected Clipboard

Protected clipboard restricts copy/paste to the managed profile, allowing users to stay productive while corporate data stays secure.

Admin Steps

In Intune Admin Center (intune.microsoft.com):

  1. Go to Apps → App Protection Policies → Windows.
  2. Modify the App Protection Policy you’ve configured for users receiving MAM policies.
  3. Under Data Protection, configure:
    • Option 1: Allow cut/copy/paste between org destinations and org sources.
    • Option 2: Allow cut/copy/paste between org destinations and any sources.

Effect

  • Option 1: Copy/paste is restricted to the protected Edge for Business work profile.
  • Option 2: Copy/paste is restricted to the protected Edge for Business work profile, but users can paste data into the browser from unprotected locations.

Protected Downloads

Admin Steps

In Intune Admin Center (intune.microsoft.com):

  1. Go to Apps → App Protection Policies → Windows.
  2. Modify the App Protection Policy you’ve configured for users receiving MAM policies.
  3. Under Data Protection, configure:
    • Set ‘Send org data to’ to No destinations.

In the Edge Management Service (admin.microsoft.com → Settings → Microsoft Edge):

  1. Create a new Configuration policy targeted to the intended users.
  2. Ensure Windows 10+ is selected for platforms and policy type is Cloud.
  3. No settings need to be added when creating the policy.
  4. Under Assignments, select the intended users.

After the Configuration policy has been created and saved, open it and navigate to Customization Settings → Security Settings:

  1. Enable Protected Downloads.

Users will now have protected downloads to OneDrive for Business enabled.

Effect

When users download files in Edge with this policy configured, the files are redirected to a OneDrive for Business folder named ‘Microsoft Edge Downloads’.

This folder is managed by your tenant and enforces organizational compliance.


Watermarking

Admin Steps

In the Edge Management Service (admin.microsoft.com → Settings → Microsoft Edge):

  1. Create a new Configuration policy targeted to the intended users.
  2. Ensure Windows 10+ is selected for platforms and policy type is Cloud.
  3. No settings need to be added when creating the policy.
  4. Under Assignments, select the intended users.

After the Configuration policy has been created and saved, open it and navigate to Customization Settings → Security Settings:

  1. Enable Watermarking for users who are receiving MAM policies.

Effect

  • MAM-managed profiles display a watermark throughout the entire profile. Note: users need at least one Intune app protection policy and this watermarking policy for the watermark to be enabled.

Additional Leak Controls

Defaults Applied

  • Screenshot Prevention: Blocks screen captures in protected sessions.
  • Developer Tools Protection: Restricts access to DevTools when MAM policies are active.

Admin Note

These controls are enforced when the cut/copy/paste Intune policy is set to any blocking setting (i.e. not “All destinations and sources”).