Preventions
- Home
- - Preventions
- -PV026
- ID: PV026
- Created: 18th July 2024
- Updated: 18th July 2024
- Contributor: The ITM Team
Restrict Mobile Clipboard via Intune App Protection Policies
On mobile devices managed by Microsoft Intune, and where Protected Apps are being used, it is possible to apply app protection policies to protect corporate data on mobile devices. This functionality can prevent users from copying and pasting corporate data into personal apps.
Sections
ID | Name | Description |
---|---|---|
ME012 | Clipboard | A subject can use the clipboard on a device (copy & paste). |
IF001.005 | Exfiltration via Note-Taking Web Services | A subject uploads confidential organization data to a note-taking web service, such as Evernote. The subject can then access the confidential data outside of the organization from another device. Examples include (URLs have been sanitized):
|
ME004.001 | AirDrop | A subject can leverage Apple’s native peer-to-peer file sharing protocol, namely AirDrop - to transfer files directly to nearby personal devices over Bluetooth and Wi-Fi Direct. AirDrop operates on both macOS and iOS, and functions entirely outside routed enterprise networks, bypassing traditional firewall, proxy, or DLP controls.
AirDrop sessions are proximity-based, require no shared credentials, and are often enabled by default. When used from a corporate-managed Apple device, AirDrop creates a covert and rapid pathway for off-network data transfer, even when connected to a corporate VPN or secured wireless configuration. Its convenience, invisibility to traditional network monitoring, and inconsistent endpoint logging make it especially attractive to subjects acting opportunistically or preparing for staged exfiltration. |