Protect tenant data on unmanaged devices (Copy/Paste)

Frequent Contributor

We are looking for ways to do the following:
- we want to prevent a user or guest who accesses tenant data (through browser or Office apps) from an unmanaged device to copy and paste data outside allowed apps. 

 

This should be done on Windows 10 and higher. 

So basically it is allowed to copy and paste from Teams to Word (with same identity) but not to notepad or Wordpad for example. 

We have been testing with access and session policies that should prevent pasting data outside allowed apps but that does not block pasting to notepad. 
Does anyone have a solution for this very challenging requirement?

1 Reply
Your scenario should be possible using Microsoft Intune, you could prevent data leakage for unmanaged devices and they have to login with credential to be able to copy and paste. Take a look at:
https://docs.microsoft.com/en-us/mem/intune/protect/data-leak-prevention
Also take a look at:
https://docs.microsoft.com/en-us/mem/intune/apps/app-protection-policies-configure-windows-10
https://docs.microsoft.com/en-us/mem/intune/apps/windows-information-protection-policy-create