Microsoft 365 security requires constant monitoring from admins in every aspect to protect their organization’s data. A minor loophole can lead to significant data loss and impacts security. One such security gap is the ability to capture screenshots on Android and iOS devices. Microsoft keeps on introducing new settings for effective mobile device management (MDM) and mobile application management (MAM) thereby enhancing device security. Admins must block screen capture on Android and iOS devices to restrict users from saving confidential data and avoid data leakages at any cost. Let’s explore how to block screen capture feature in detail.
Block Screen Capture on Android Devices in Intune
Blocking screenshots on Android devices can be done on two levels – device level and app level. If you want to stop taking screenshots on the entire device, you can block the feature at the device level using the Intune device restriction policy. If you want to block screen capture on specific apps like Outlook, etc., you can prevent the feature using an app protection policy. Explore how to block screen capture in detail. Remember that this feature is not configured by default for Android devices.
Prevent Screen Capture Using Android Device Restriction Policy
To prevent screenshots on Android devices using the device restriction policy, you must create and assign a configuration profile for Intune devices. To do this,
- Sign in to the Microsoft Intune admin center.
- Navigate to Devices –> Configuration –> Create –> New policy.
- Select the platform dropdown and choose ‘Android (AOSP)’.
AOSP – Android Open Source Project. - Click on the ‘Profile type’ dropdown and choose ‘Device restrictions’.
- Select ‘Create’.
- Name your policy and provide a description if required. Click Next.
- Expand the ‘General’ category and move the toggle to ‘Yes’ for the ‘Block screen capture’ option.
- Click Next. Then, add the required users, groups, or devices, and select Next.
- Review the policy and click on ‘Create’.
Creating this policy will block screen capture on Android devices based on the policy assignment.
Note: If you want to create a configuration profile for corporate-owned Intune devices or personally owned Intune devices, choose ‘Android Enterprise’ in the platform dropdown.
Prevent Screenshot on Specific Apps Using Android App Protection Policy
To block screen capture for specific apps on Android devices, you can create an app protection policy in Intune. For this, you can
- Sign in to the Microsoft Intune admin center.
- Navigate to Apps –> App protection policies –> Create policy –> Android.
- Name your policy and give a description if required. Click Next.
- Click on ‘+Select public apps’ option. Search and select ‘Microsoft Outlook’. You can also add your custom apps by selecting the ‘+Select custom apps’ option.
- Click on ‘Select’ and choose Next.
- Move the toggle to ‘Block’ for the ‘Screen capture and Google Assistant’ option under ‘Data Transfer’ and click Next.
- If required, you can customize access requirements and click Next.
- Then, you can customize the conditional launch part if required and click Next.
- Include and exclude required groups and select Next.
- Verify the policy settings and click on ‘Create’.
Once the policy is created, the screen capture option will be blocked for the Outlook app on Android devices. Other apps will support this option.
Block Screen Capture on iOS Devices in Intune
Like Android devices, you can also prevent screen capture on iOS devices using the Intune admin center in your Microsoft 365 environment. See how to prevent screen capture on iOS devices in detail.
Prevent Screenshot Using iOS Device Restriction Policy
To block screen capture using the Intune device restriction policy, follow the steps below.
- Sign in to the Microsoft Intune admin center.
- Navigate to Devices –> Configuration –> Create –> New policy.
- Choose ‘iOS/iPadOs’ under the Platform dropdown and choose ‘Templates’ under the Profile type dropdown.
- Then, click on ‘Device restrictions’ and select ‘Create’.
- Name your policy and give a description if required. Click Next.
- Expand the ‘General’ category and move to toggle to ‘Yes’ for the ‘Block Screenshots and screen recording’ option. Click Next.
- Assign required users, groups, or devices, and click Next.
- Review the policy configurations and select ‘Create’.
After implementing this policy, all the Intune-managed iOS devices will be restricted from using the screen capture feature.
Note: The ability to block screen recording will be supported only on iOS/iPadOS 9.0 and newer.
Block Screenshot on Specific Apps on Intune iOS Devices
Unfortunately, the blocking of screen capture feature for specific apps on iOS devices is currently not available. Many users are requesting this feature as it is crucial to prevent accidental data loss or data misuse. Hope Microsoft will address this and introduce the setting to prevent screen capture for specific apps on iOS devices soon.
I hope this blog will help you learn how to prevent screen capture on Android and iOS devices to protect confidential data and improve Microsoft 365 security. Drop your queries in the comment section.