Miro board items can contain privacy and regulatory data (such as PII, PHI, PCI) or confidential business-critical content (such as financial information, HR information, IP, trade secrets). After data discovery and auto-classification, organizations must implement proactive controls that are crucial for maintaining sustained privacy, security, and compliance with relevant regulations.
With guardrails, you can now automatically enforce proactive controls, such as:
- Automatically restricting sharing capabilities at various levels (public, team, organization) based on the board's content and classification level.
- Restricting content replication.
- Blocking Miro AI usage to prevent AI-powered interactions with sensitive or classified data.
These proactive controls ensure sustained privacy and compliance without hindering business operations.
Figure 1: Content security and sharing guardrails
Admins have two options for rolling out Intelligent Guardrails in their organization:
- Default mode: By default, guardrails do not affect active sharing options on boards to avoid disrupting ongoing collaboration, including when the boards are reclassified during auto-classification.
- Strict mode: When the Apply guardrails in strict mode toggle is turned on, guardrails override all active sharing options. This provides Admins with the strictest levels of control, but can also result in some users losing board access immediately.
Consider a scenario where you configured guardrails so that users of boards classified as CONFIDENTIAL cannot share the board publicly, share it with teams, share it with the organization, or replicate content. Someone in your organization created a new board named Financial Plan, added some revenue numbers, and assigned the CONFIDENTIAL classification level to this board. The guardrail settings are applied automatically: no user can share the board, and no user except the board owner can replicate content (Figure 2).
Figure 2: Public sharing of the board is disabled
Content security guardrails
The following table lists the content security guardrails supported in the current release.
Guardrail | Description | Users affected |
Block content replication |
- Options to manage content replication in both the Miro UI and the Miro APIs are not available. For example, the option to update who can copy board content is not available in the UI and the option to update copy access via the update board API is not available.
- Options for content replication are not available in the Miro UI. This includes:
  - Duplicating a board to other
  - Downloading files on the board
  - Downloading images on the board
  - Downloading PDFs on the board
  - Copying content or objects from
  - Exporting boards as an image
  - Exporting boards as PDF
  - Saving boards as a custom
- Content replication via APIs are |
The board owner and co-owners are not restricted. The board owner and co-owners can perform content replication actions as this is needed for the board owner to update the board and create sanitized versions of the boards for further collaboration. Everyone else is restricted. |
Block Miro AI usage |
- All Miro AI features are disabled, preventing access to AI-driven functionalities such as text generation, image recognition, and smart suggestions.
- Users will not be able to interact with or activate any AI-powered tools within Miro.
- Existing Miro AI-generated content remains unchanged, and users can modify or expand this content. However, users can no longer use Miro AI to edit or update the content. |
Everyone is restricted, including the board owner and co-owners. |
Sharing guardrails
The following table lists the sharing guardrails supported in the current release.
Guardrail | Description | Users affected |
Block public sharing |
- Option to share with Anyone with the link is not available in the Miro UI.
- Public sharing via API is not available. The API returns an error 403 as a response.
- Block public sharing is not applicable to boards embedded using the access-link of Live Embed as these boards are not considered to be shared via public link. For more information, see How to allow or restrict embedding Miro boards in supported apps. |
Everyone is restricted, including the board owner. |
Block sharing with teams |
- Option to share with Anyone at Team is not available in the Miro UI.
- Sharing with teams via API is not available. The API returns an error 403 as a response. |
Everyone is restricted, including the board owner. |
Block sharing with organization |
- Option to share with Anyone at Organization is not available in the Miro UI.
- Sharing with organization via API is not available. The API returns an error 403 as a response. |
Everyone is restricted, including the board owner. |
Block sharing outside allowed domains |
- Board sharing via direct email invitation is limited to users whose email addresses belong to the allowed domains on this list. This guardrail does not affect access granted through team, organization, or public links as those are controlled by separate guardrails.
- You can add up to 20 allowed domains in this list.
- This guardrail is designed to work with the Security > Sharing > Allowed domains setting, which can be configured at both the organization and team levels. This means that if you have the Allowed Domains setting enabled, you must ensure that the domain you'd like to allow sharing boards to is listed in both the Intelligent Guardrails setting and the Security > Sharing > Allowed domains setting.
Notes:
- If the board was already shared with email addresses that are not on this list, the users who already have access to the board will continue to have access.
- Existing users who already have access to a board, but are not in the domain allowed list are indicated in the Manage board access UI. You can remove access for these users manually.
- You can easily view information about domain restrictions applied via the Classification page.
Example 1:
Security > Sharing > Allowed domains: miro.com, gmail.com
Guardrail Allowed Domains: miro.com
Outcome: Board sharing via direct email invitation is limited to emails ending in miro.com. Although gmail.com is allowed in the Security > Sharing > Allowed domains setting, it isn’t permitted by the guardrail.
Example 2:
Security > Sharing > Allowed domains: miro.com, gmail.com
Guardrail Allowed Domains: example.org, example.com
Outcome: Board sharing via direct email invitation is not allowed for any domain because there’s no overlap between the two lists. |
Board sharing via direct email invitation is limited to users whose email addresses belong to the allowed domains on this list. This guardrail does not affect access granted through team, organization, or public links as those are controlled by separate guardrails. If the board was already shared with email addresses that are not on this list, the people who already have access to the board will continue to have access. |
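The interaction between the two allowed-domain lists in Example 1 and Example 2 above can be checked before a rollout with a short script. This is an added Python sketch, not Miro code or a Miro API. The function names, the sample addresses, the exact-domain comparison, and the treatment of a disabled Allowed domains setting are assumptions made for illustration.

```python
# Added illustration: models the documented rules only, makes no Miro API calls.

def email_domain(address):
    """Return the lower-cased domain of an address, or None if it is malformed."""
    local, sep, domain = address.strip().rpartition("@")
    if not sep or not local or not domain:
        return None
    return domain.lower().rstrip(".")


def effective_domains(guardrail_domains, org_domains=None):
    """Domains usable for direct email invitations.

    org_domains=None models Security > Sharing > Allowed domains being
    turned off (assumption: only the guardrail list applies in that case).
    """
    guardrail = {d.lower() for d in guardrail_domains}
    if len(guardrail) > 20:
        raise ValueError("the guardrail list holds at most 20 domains")
    if org_domains is None:
        return guardrail
    # With both settings enabled, a domain must appear in both lists.
    return guardrail & {d.lower() for d in org_domains}


def can_invite(address, allowed):
    # Compare the whole domain (assumption): a suffix test such as
    # endswith("miro.com") would also accept a look-alike like "notmiro.com".
    return email_domain(address) in allowed


def members_to_review(member_emails, guardrail_domains):
    """Existing members outside the guardrail list keep access until removed manually."""
    guardrail = {d.lower() for d in guardrail_domains}
    return sorted(m for m in member_emails if email_domain(m) not in guardrail)


# Constructed sample data mirroring Example 1 and Example 2.
ORG = ["miro.com", "gmail.com"]
example1 = effective_domains(["miro.com"], ORG)
example2 = effective_domains(["example.org", "example.com"], ORG)
members = ["ana@miro.com", "contractor@gmail.com", "pat@MIRO.com"]

if __name__ == "__main__":
    print("Example 1 effective domains:", sorted(example1))
    print("Example 2 effective domains:", sorted(example2))
    print("Invite bob@gmail.com under Example 1:", can_invite("bob@gmail.com", example1))
    print("Members needing manual review:", members_to_review(members, ["miro.com"]))
```

An empty result from `effective_domains`, as in Example 2, means no direct email invitation can succeed, which is worth catching before the guardrail is enabled.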