Miro board items can contain privacy and regulatory data (such as PII, PHI, PCI) or confidential business-critical content (such as financial information, HR information, IP, trade secrets). After data discovery and auto-classification, organizations must implement proactive controls that are crucial for maintaining sustained privacy, security, and compliance with relevant regulations.
With guardrails, you can now automatically enforce proactive controls, such as:
- Automatically restricting sharing capabilities at various levels (public, team, organization) based on the board's content and classification level.
- Restricting content replication.
- Blocking Miro AI usage to prevent AI-powered interactions with sensitive or classified data.
- Blocking Miro MCP access to prevent AI agents and other programmatic clients from accessing boards via the Miro MCP server.
These proactive controls ensure sustained privacy and compliance without hindering business operations.
Admins have two options for rolling out Intelligent Guardrails in their organization:
- Default mode: By default, guardrails do not affect active sharing options on boards to avoid disrupting ongoing collaboration, including when the boards are reclassified during auto-classification.
- Strict mode: When the Apply guardrails in strict mode toggle is turned on, guardrails override all active sharing options. This provides Admins with the strictest levels of control, but can also result in some users losing board access immediately.
Consider a scenario where you configured guardrails so that users of boards classified as CONFIDENTIAL are not allowed to share the board with the public, with teams, or with the organization, or to replicate content. Someone in your organization creates a new board named Financial Plan, adds some revenue numbers, and assigns the CONFIDENTIAL classification level to this board. Guardrail settings are applied automatically: no user can share the board, and no user except the board owner can replicate content (Figure 2).
Block Miro MCP Access (Beta)
As AI agents increasingly access Miro boards through the Miro MCP server, organizations with sensitive content face a new governance gap: existing Enterprise Guard guardrails do not apply to Miro MCP connections, meaning classified board content can flow to external AI systems without restriction.
The new Block Miro MCP Access guardrail closes this gap by extending Intelligent Guardrails to cover Miro MCP, giving Sensitive Content Admins the same classification-based controls they already use for sharing, export, and AI features. With this upcoming feature in the Enterprise Guard add-on, Sensitive Content Admins can:
- Control Miro MCP access by classification level: configure the Block MCP Access guardrail for any combination of your organization's classification labels (e.g., block Miro MCP reads on Confidential and Restricted boards while allowing it on General boards).
- Block both read and write operations: when triggered, access via the Miro MCP server will not be available for AI agents and other programmatic clients. This applies to all Miro MCP tool calls to or on a Miro board, including reads, writes, and updates.
- Configure within the existing Intelligent Guardrails workflow: set up in the same place as your other guardrails, with no separate setup required.
- Enforce consistently across Miro MCP clients: controls are applied at the authorization layer, regardless of which Miro MCP client or AI agent is making the request.
For more information on each guardrail, its description, and the users affected, see the Guardrails reference documentation.