On July 8, 2026, Microsoft added a new item to its Microsoft 365 roadmap that promises to close a long-standing data leak vector on mobile devices. Roadmap ID 567311 details an upcoming feature in Microsoft Purview Data Loss Prevention (DLP) that will evaluate clipboard sharing activities within apps protected by Intune Mobile Application Management (MAM). The move signals a significant expansion of content-aware security policies to the mobile clipboard, a conduit that has long operated outside the surveillance of most DLP controls.

For organizations that rely on Intune to separate corporate from personal data on smartphones and tablets, this capability will allow them to inspect and potentially block sensitive content—credit card numbers, healthcare records, intellectual property—when users copy from a managed app and attempt to paste it into an unmanaged destination. It promises to bring the kind of granular content inspection that exists on Windows endpoints to the mobile world, where MAM has traditionally enforced only coarse-grained, app-level restrictions.

What’s Actually Changing

Today, Intune MAM policies can restrict the act of copying and pasting between managed and unmanaged apps, but they do so with a blunt instrument. Organisations can choose to block all cut, copy, and paste operations between corporate apps and personal apps, or allow them universally. There is no middle ground where a paste is permitted if the content is innocuous but blocked if it contains a social security number. That’s about to change.

Roadmap ID 567311—titled “Clipboard sharing evaluation in Intune MAM protected apps”—describes a new integration between Microsoft Purview DLP and the Intune MAM stack. According to the roadmap entry, it will “evaluate clipboard sharing inside Intune MAM protected mobile apps and apply DLP policies based on the sensitive information types found in the content.” In other words, when a user copies data from a managed app like Outlook or Microsoft Teams, the Intune SDK will intercept that content, send it to the Purview DLP service for inspection, and then decide whether to allow or block the paste operation depending on the configured policy.

This is not a simple application filter. It will require the DLP engine to assess the copied text (or images, potentially via optical character recognition expansion) against defined sensitive information types—patterns for financial data, personally identifiable information (PII), healthcare codes, or custom keyword dictionaries. The evaluation happens in near real time, just as it does for endpoint DLP on Windows, where attempting to copy a credit card number from a protected file can trigger a block and an alert.

What makes this particularly notable is that it targets a scenario many organizations have struggled to govern. The clipboard is invisible to most administrative controls. A well-intentioned employee who copies a client’s bank details from the CRM app into a WhatsApp message or a personal note app would bypass all traditional MAM restrictions if the organisation currently allows clipboard sharing between managed and unmanaged apps. This feature aims to eliminate that blind spot.

No specific release date is provided beyond the roadmap addition. Microsoft typically uses roadmap items to announce features that are in active development, often with a target of rolling out in public preview within three to six months. Based on patterns for similar Purview DLP expansions, we might expect a preview in late 2026, with general availability in the first half of 2027—but that is speculative. The roadmap does not indicate which mobile platforms will be supported, though given Intune MAM’s presence on both iOS and Android, both are likely candidates.

What It Means for You

For IT Administrators and Security Teams

This feature is a direct answer to a frequent request from admins who have deployed Microsoft 365 E5 or the Purview compliance suite. For years, they have been able to protect data at rest in SharePoint and OneDrive, in motion through email and Teams, and on endpoints through device-level DLP. Mobile clipboard has remained an uncomfortable exception.

The addition closes a gap that internal risk assessments often flag. If your organization handles PII, PCI data, or HIPAA-regulated information, the ability to prevent pasting of that data into unmanaged apps on employee-owned devices is a significant compliance improvement. Without it, you were forced to either fully block cross-app clipboard sharing—crippling productivity—or accept the risk of data leakage. Now you can have both: keep the clipboard usable, but enforce content-aware policies.

Policy creation will follow the familiar Purview DLP workflow: define a rule that applies to the Intune MAM location, choose sensitive info types, and set an action (block, block with override, or audit-only). Alerts and incident reports will bubble up into the Purview compliance portal, allowing your SOC to investigate clipboard-related violations just as they would a suspicious email forward or a file upload to a personal cloud.

Keep in mind that this feature will likely require a supporting licensing mix—typically Microsoft 365 E5, Microsoft 365 E5 Compliance, or the standalone Purview Information Protection and Governance license—plus Intune Plan 1 or higher. If you’re not already on an E5 tier, the cost-benefit calculation may shift once the feature is available.

For End Users

For employees who use a company-managed version of Outlook, Word, or other productivity apps on personal devices, the experience will become more nuanced. Currently, if their organization allows cross-app copy/paste, they can freely move text between work and personal apps. Under the new DLP policy, a paste will suddenly fail if the copied content contains something the policy flags as sensitive. The app may show a tooltip or notification: “Your organization’s policy blocks pasting this content outside of managed applications.”

This can be confusing at first, especially if a user doesn’t realize that a paragraph embedded a credit card number. Education will be key. Some organizations may opt for an audit-only mode initially to understand clipboard usage patterns before turning on active blocking. Override options can be configured to allow the user to paste anyway with justification, but these choices will be logged for later review.

For App Developers

Independent software vendors who integrate the Intune App SDK or wrap their apps with the Intune App Wrapping Tool will need to watch for updated SDK versions that support the clipboard inspection feature. For first-party Microsoft apps—Outlook, Teams, Edge for Mobile, and Office Mobile—the capability will likely arrive automatically through app updates. Third-party developers will want to test early to ensure their apps maintain expected user experience and do not introduce latency during clipboard operations. The SDK will need to handle the handoff to Purview DLP seamlessly, and any delay could frustrate users if not optimized.

How We Got Here

Microsoft’s DLP journey has been a steady march from static data stores to dynamic user actions. It began in the mid‑2010s with policies for Exchange Online and SharePoint Online, scanning emails and documents at rest. Soon it extended to OneDrive for Business, then to Microsoft Teams chat and channel messages. In 2020, Endpoint DLP brought content inspection to files on Windows 10 and Windows 11, and later to macOS. By 2023, endpoint DLP added the ability to monitor and block sensitive content copied to the cloud or to unallowed apps from Windows devices—including the clipboard. At that point, Windows users could be prevented from pasting a credit card number into Notepad or a web form.

Mobile lagged behind. While Intune MAM has been capable of restricting paste destinations since its early days, the restrictions were binary. Microsoft added mobile browser support for Purview DLP in 2022 via Microsoft Edge for Mobile, enabling policies to block uploads of sensitive files to consumer cloud services from within the browser. But the mobile clipboard remained outside the scope until now.

The catalyst for the change is likely twofold: first, the blurring of work and personal contexts on mobile devices has only accelerated. Employees routinely juggle corporate and personal apps side by side, and the clipboard is the fastest bridge between them. Second, the regulatory landscape has hardened. Regulations like GDPR, CCPA, and emerging state-level privacy laws demand demonstrable controls over personally identifiable information. A clipboard gaps makes audits painful.

Technically, the foundation for this feature has been building over the years. The Intune SDK already provides hooks for app-level paste restrictions. Purview DLP already runs a cloud‑based policy evaluation service that can inspect text in milliseconds. Marrying the two was a logical next step, though likely a complex engineering challenge to ensure low latency and high accuracy on mobile where network conditions vary and battery life is paramount.

What to Do Now

Since this is a roadmap entry with no immediate availability, there is no fire drill to run. But preparation now will make rollout smoother.

1. Audit your current Intune MAM clipboard settings. Check your app protection policies: do you allow copy/paste between managed and unmanaged apps? If yes, you are exposing a potential data leak channel that this feature could mitigate. Understand your exposure.

2. Review your sensitive information types. The effectiveness of the new DLP policy will depend on how well you’ve defined and tuned your sensitive info types. If your EDM (Exact Data Match) classifiers are stale or your regular expressions are too broad, you’ll face false positives and user pushback. Use the time to refine them.

3. Plan for a phased rollout. When the feature reaches preview, start with an audit-only policy for a small pilot group. Collect data on clipboard usage patterns: how often do users copy sensitive data, and to which unmanaged apps? This will inform your blocking decisions and help you craft user communication.

4. Prepare user communication. Employees accustomed to freely pasting between apps may resent the change. Draft a clear statement explaining why: to protect customer data and meet regulatory obligations. Highlight that it’s not about monitoring personal information, only corporate data that matches specific patterns.

5. Coordinate with your app developers and vendors. If you depend on custom LOB apps that integrate Intune MAM, reach out to your developers now. They should be ready to test the upcoming SDK and validate that the clipboard inspection doesn’t break workflows.

6. Watch the roadmap. Bookmark roadmap item 567311 (the link is in the references below) and monitor for status changes. Microsoft will update it to “In development,” “Rolling out,” and “Launched.” The moment it hits preview, you’ll want to enable it in a test tenant.

Outlook

Microsoft’s trajectory is clear: bring the full weight of Purview DLP to every surface where corporate data can be touched. Clipboard inspection on mobile is just the latest piece. Expect similar expansions to other channels—maybe file pickers within MAM apps, or the ability to scan images pasted from the photo library—as optical character recognition technology matures inside the Microsoft compliance stack. Also watch for deeper integration between Purview DLP and Microsoft Defender for Cloud Apps, which could one day allow a unified policy that follows the data no matter the device, app, or action.

In the nearer term, this feature sets the stage for a more intelligent MAM, where decisions are content‑aware and not just app‑aware. It moves mobile device management beyond “containers” and toward a truly data-centric security model. For organizations that have bet on Microsoft’s ecosystem, that’s a significant strengthening of the promise that sensitive data stays safe, even when it’s copied to a clipboard on a Saturday afternoon in a café.