You need to protect documents that contain credit card numbers from being opened by users outside your company. The solution must ensure that users at your company can open the documents.
What should you use?
You need to protect documents that contain credit card numbers from being opened by users outside your company. The solution must ensure that users at your company can open the documents.
What should you use?
To ensure that users within a company can open documents while preventing users outside the company from doing so, the correct solution is to use a sensitivity label. Sensitivity labels can be configured to apply encryption to documents and restrict access, ensuring that only authenticated users within the organization can open the documents. This matches the requirement of protecting documents containing sensitive information, such as credit card numbers, from being accessed by external users.
D is correct, as others are not solutions,
D is correct, as others are not solutions
but why sensitivity label isn't a valid option? you can configure your label to apply encryption and grant permission to view only to members of your organization. if you want to prevent people outside the org to OPEN the file, sensitivity label is valid, if you want to prevent people to SHARE outside the org (which may lead to prevent to be opened of course), DLP is valid. this question is trickier than people are arguing.
I have tested this today and within a DLP policy there is an option to add an action that can "restrict access or encrypt content in Microsoft 365 locations". We are given the option to specify those locations, Exchange being one of them. Further to this, when configuring this action we are also given the option to "Block only people outside of your organisation". This will stop files with the specified sensitive information (in this case, credit card numbers) from being shared externally. Therefore, the answer here is D - a data loss prevention (DLP) policy.
The issue here is with the question's wording. "From being opened by users outside your company" NOT "From being shared with users outside your company" Depending on how you interpret it, the answer changes.
This question can be B and D DLP is clear but you can achieve the same result with a sensitivity label. You apply encryption and assign permissions to all Authenticated users
A DLP policy will detect content, but a sensitivty label applies protection to the document
To protect documents from being opened by user outisde the organization you need a DLP policy.
why "sensitivity label" isn't an option in this case? if you configure your label to encrypt files and apply permissions to view only to members of your organization it would work, once the question is about to "prevent to be OPENED by people outside your org". if the file is labeled this way it can't be opened.
I guess the reason is that sensitivity label nee to be published by a policy otherwise they do not work
I agree, D is correct, as others are not solutions,
Data loss prevention helps prevent unintentional sharing of sensitive items. https://docs.microsoft.com/en-us/microsoft-365/compliance/information-protection?view=o365-worldwide
Organizations have sensitive information under their control such as financial data, proprietary data, credit card numbers, Also item contains a specified kind of sensitive information that is being used in a certain context. For example, 95 social security numbers being emailed to recipient outside your org. I put my money on D
The specific settings within a sensitivity label for external sharing only refers to Sharepoint sites. Under "Define external sharing and conditional access settings" and then you see the text... "When this label is applied to a SharePoint site, these settings will replace existing external sharing settings configured for the site." You can set only people in your org, but the question doesn't state it's documents just from SharePoint sites. Makes more sense using DLP, as you can cover multiple document locations and still prevent external sharing. D is correct to me.
I would rather go with Sensitivity label, because of opening the file by outsiders. But it requires Auto-labeling and the sensitivity label needs to encrypt the file
The questions says you need to "protect documents that contain credit card numbers from being opened by users outside your company". It does not say that you need to "prevent documents that contain credit card numbers from shared with users outside your company". Prevention is done with DLP. Protection is done with sensitivity labels. The answer is B.
DLP for sure- allows you to define rules that detect sensitive information like credit card numbers and then restrict access or actions based on those rules
D is correct, just tested it, you can secure credit card numbers by using a PICE Data Security Standard template. Everything in 1 single policy.
perhaps B ? https://learn.microsoft.com/en-us/microsoft-365/compliance/encryption-sensitivity-labels?view=o365-worldwide
D is he only effective one in this case
D is Final