Miro board items can contain privacy and regulatory data (PII, PHI, PCI) or confidential business-critical content (IP, trade secrets). After data discovery and auto-classification, organizations must implement remediation measures that are crucial for maintaining sustained privacy, security, and compliance with relevant regulations.
With guardrails, you can now automatically enforce remediation strategies, such as restricting sharing capabilities at various levels (public, team, organization) based on the board's content and classification level. This ensures sustained privacy and compliance without hindering business operations.
Admins have two options for rolling out Intelligent Guardrails in their organization:
- Default mode: By default, guardrails do not affect active sharing options on boards to avoid disrupting ongoing collaboration, including when the boards are reclassified during auto-classification.
- Strict mode: When the Apply guardrails in strict mode toggle is turned on, guardrails override all active sharing options. This provides Admins with the strictest levels of control, but can also result in some users losing board access immediately.
The following table lists the guardrails supported in the current release.
Guardrail | Description | Users affected |
Block public sharing | The option to share with Anyone with the link is not available in the Miro UI. Public sharing via API is not available. The API returns an error 403 as a response. Block public sharing is not applicable to boards embedded using the access-link of Live Embed, as these boards are not considered to be shared via public link. For more information, see How to allow or restrict embedding Miro boards in supported apps. | Everyone is restricted, including the board owner. |
Block sharing with teams | The option to share with Anyone at Team is not available in the Miro UI. Sharing with teams via API is not available. The API returns an error 403 as a response. | Everyone is restricted, including the board owner. |
Block sharing with organization | The option to share with Anyone at Organization is not available in the Miro UI. Sharing with organization via API is not available. The API returns an error 403 as a response. | Everyone is restricted, including the board owner. |
Block content replication | Options for content replication are not available in the Miro UI. This includes: duplicating a board to other users' teams; downloading files on the board; downloading images on the board; downloading PDFs on the board; copying content or objects from the board; exporting boards as an image; exporting boards as PDF; saving boards as a custom template. Content replication via APIs is not available. The API returns an error 403 as a response. | The board owner and co-owners are not restricted. The board owner and co-owners can perform content replication actions, as this is needed for the board owner to update the board and create sanitized versions of the boards for further collaboration. Everyone else is restricted. |
For more information on guardrails and example scenarios, see Guardrails overview and scenarios.
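The difference between default and strict mode, and the owner and co-owner exemption for content replication, can be previewed against a board inventory before publishing. The following Python sketch is an added example, not Miro code or the Miro API: the guardrail labels, the Board record, the INTERNAL level and the sample boards are constructed for illustration, and it assumes that default mode leaves already-active sharing in place while strict mode revokes it.

```python
from dataclasses import dataclass

# Hypothetical labels for this sketch (not Miro API identifiers):
# sharing guardrail -> sharing scope it blocks.
SHARING_GUARDRAILS = {
    "block_public_sharing": "public",
    "block_team_sharing": "team",
    "block_org_sharing": "organization",
}
REPLICATION_GUARDRAIL = "block_content_replication"

@dataclass(frozen=True)
class Board:
    name: str
    classification: str
    active_sharing: frozenset  # sharing scopes already enabled on the board

def review_impact(boards, guardrails_by_level, strict):
    """Per-board effect of publishing the guardrails in default or strict mode."""
    report = {}
    for b in boards:
        assigned = guardrails_by_level.get(b.classification, set())
        blocked = {SHARING_GUARDRAILS[g] for g in assigned if g in SHARING_GUARDRAILS}
        conflict = b.active_sharing & blocked
        report[b.name] = {
            # Strict mode overrides active sharing; default mode leaves it as is.
            "effective": sorted(b.active_sharing - blocked if strict else b.active_sharing),
            "revoked": sorted(conflict) if strict else [],
            # Sharing that contradicts the classification but stays active.
            "residual": [] if strict else sorted(conflict),
        }
    return report

def can_replicate(role, assigned):
    """Owner and co-owners keep replication rights; everyone else is blocked."""
    return REPLICATION_GUARDRAIL not in assigned or role in {"owner", "co-owner"}

# Constructed sample data.
GUARDRAILS = {"CONFIDENTIAL": set(SHARING_GUARDRAILS) | {REPLICATION_GUARDRAIL}}
BOARDS = [
    Board("roadmap", "CONFIDENTIAL", frozenset({"public", "team"})),
    Board("retro", "INTERNAL", frozenset({"organization"})),
]

if __name__ == "__main__":
    for strict in (False, True):
        print("strict" if strict else "default", review_impact(BOARDS, GUARDRAILS, strict))
```

A non-empty "residual" list in default mode marks boards whose existing sharing contradicts their classification and should be reviewed manually; the "revoked" list in strict mode shows where users would lose access on publish.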
Define guardrails
This is the third step of the auto-classification and guardrails configuration flow. In this step of the flow, you will configure the guardrails, which are the restrictions applicable for each classification level, such as block public sharing, block sharing with teams, block sharing with organization, or block content replication. For example, you can configure guardrails to block public sharing, block sharing with teams, block sharing with organization, and block content replication for users of boards that are classified as CONFIDENTIAL.
Prerequisites
- You must know the guardrails that you want to assign to each classification level based on your security and governance requirements.
- You must have the Sensitive Content Admin role. To request the Sensitive Content Admin role, contact your Company Admin.
Assign guardrails
To assign guardrails to a classification level, perform the following steps:
- On the Define guardrails page, click the Edit icon of the classification level for which you want to assign the guardrails. For example, if you want to assign guardrails for the CONFIDENTIAL classification level, click the Edit icon on the row of the CONFIDENTIAL classification level.
- Select the checkbox for each guardrail label that you want to assign to this classification level. For example, if you want to block public sharing, block sharing with teams, block sharing with organization, and block content replication for the users of boards that are classified as CONFIDENTIAL, select the following checkboxes:
  - Block public sharing
  - Block sharing with teams
  - Block sharing with organization
  - Block content replication
- By default, guardrails do not affect active sharing options on boards to avoid disrupting ongoing collaboration, including when the boards are reclassified during auto-classification. If you want to apply guardrails and override all active sharing options, turn on the Apply guardrails in strict mode toggle. This provides Admins with the strictest levels of control, but can also result in some users losing board access immediately.
- Click Done. Your configuration is saved, but it will only take effect after you click Publish on the Review impact page.
- When you are done with defining guardrails for various classification levels, proceed to Complete guardrails configuration.
Complete guardrails configuration
After you finish assigning guardrails for different classification levels, click Next. Your configuration is saved, but it will only take effect after you click Publish on the Review impact page.