You are a Microsoft 365 administrator for a company.
You need to ensure that company documents are marked as confidential. You must prevent employees from sharing documents with people outside the company.
What are two possible ways to achieve the goal? Each correct answer presents a complete solution.
NOTE: Each correct selection is worth one point.
To ensure that company documents are marked as confidential and to prevent employees from sharing documents with people outside the company, you can create a data-loss prevention (DLP) policy and apply sensitivity labels to documents. A DLP policy helps to automatically classify and protect sensitive information and can block users from sharing such information with people outside the company. Sensitivity labels can classify and help protect sensitive content, with options including encryption and access restriction to ensure that only authorized personnel can view or share the documents.
D and E
I asked the expert for the answer and this is his comment: A sensitive information type is just a way for Microsoft 365 to identify documents and messages containing instances of sensitive information. It won’t do anything to stop people sharing that information unless you use the SIT in a DLP policy. Go to Link: https://practical365.com/custom-sensitive-information-types/#comment-237004 You need to create a DLP, so the answer is D and E
Are ANY of these COMPLETE SOLUTIONS?
It`s B and D. You need to create sensitive information types first if you want to create sensitivity labels or data-loss prevention policies. If you apply a sensitivity label to a document it can be encrypted and remain encrypted during the transit in an email for example and to view the content of that document you have to have special rights or an app, but it doesn`t prevent the document from sharing, sensitivity labels just marks and encrypts documents, to prevent documents from sharing you have to use data-loss prevention policy.
D. Create a data-loss prevention policy: You can create a data-loss prevention (DLP) policy in Microsoft 365 that will automatically classify and protect sensitive information, such as confidential documents. The policy can also block users from sharing such information with people outside the company, ensuring that company data remains secure. E. Apply sensitivity labels to documents: You can apply sensitivity labels to documents to indicate the level of confidentiality or sensitivity of the information contained in the document. Sensitivity labels can be configured to restrict access to certain individuals or groups, preventing employees from sharing sensitive information with people outside the company. Therefore, the correct answers are D and E.
Answer is B & E. DLP notifies when email or documents having sensitive information get shared with someone outside your organization. This policy doesn't restricts from sharing the data. Also, sensitive information types classify the data and sensitive label marks the company's sensitive data as confidential. As soon as, document or an email is marked confidential, forwarding ability is disabled. So, this is going to restrict the users from sharing data outside organization
https://docs.microsoft.com/en-us/microsoft-365/compliance/get-started-with-the-default-dlp-policy?view=o365-worldwide
DLP DOES restrict you from sharing data When editing the DLP rule it lists an 'action' to take when a specified 'condition' is met; "if content is shared from MS365" and either "only with people inside my org" or "with people outside my org" then "use action to protect content when conditions are met"; "restrict access or encrypt the content in MS365 locations" by "block everyone" or "block only people outside your org"
D and E
Wrong answer, should be D and E. Sensitive Information types doesn't enforce anything.
Wont be D as D prevents data loss and doesn't prevent the sharing of the sensitive data. Data can still be shared with option D.
I agree. Below is the reference : https://docs.microsoft.com/en-us/microsoft-365/compliance/get-started-with-the-default-dlp-policy?view=o365-worldwide
https://docs.microsoft.com/en-us/microsoft-365/compliance/encryption-sensitivity-labels?view=o365-worldwide https://docs.microsoft.com/en-us/microsoft-365/compliance/information-protection?view=o365-worldwide Answers are D and E
wow another wrong answer, shocking. Won't be using this service again!
sensitive information type is something you can create during the process of creating and applying labels, the solution is in the hand of the creation and publishing of the labels. Creating sensitivity info types is NOT a complete solution but part of one
Its D and E
Given answer is indeed correct.
Option B doesn't make sense here!
D & E are the correct answers
D and A is corret in my opnion