App protection policy - Prevent data leak, Block copy paste, block local Save with Intune: Intune app protection policies (APP) are rules that ensure an organization's data remains safe or contained in a managed app. These policies allow you to control how data is accessed and shared by apps on mobile devices. A policy can be a rule that is enforced when the user attempts to access or move "corporate" data, or a set of actions that are prohibited or monitored when the user is inside the app. A managed app in Intune is a protected app that has Intune app protection policies applied to it and is managed by Intune. There are several benefits of using Intune app protection policies, including protecting corporate data on mobile devices without requiring device enrollment and controlling how data is accessed and shared by apps on mobile devices. Examples of using app protection policies with Microsoft Intune include: Requiring a PIN or fingerprint to access corporate email on a mobile device Preventing users from copying and pasting corporate data into personal apps Restricting access to corporate data to only approved apps Many productivity apps, such as the Microsoft 365 (Office) apps, can be managed using Intune MAM. See the official list of Microsoft Intune protected apps available for public use. More information: