MS-102 Exam QuestionsBrowse all questions from this exam
Go to Exam

MS-102 Exam - Question 209

You have a Microsoft 365 E5 subscription.

From the Microsoft Purview compliance portal, you create a new data loss prevention (DLP) policy named DLP1 that protects financial data from being shared by using Microsoft Teams messages. You apply DLP1 to the users in the finance department.

An incident is raised when a finance department user named User1 shares financial data in a Teams channel that includes external members.

When User1 uses Teams to send the same message in a 1:1 chat or a private channel, the message is blocked as expected.

You need to ensure that User1 is prevented from sharing financial data in Teams channels that include external members.

What should you do?

Show Answer
Correct Answer: B

To ensure User1 is prevented from sharing financial data in Teams channels that include external members, you should edit the Locations settings of DLP1. By adjusting the location settings, you can specify that the DLP policy should also cover Teams channels, in addition to 1:1 chats and private channels, ensuring comprehensive coverage across all messaging platforms where data might be shared. This would address the issue of the current policy not blocking messages in Teams channels that include external members.

Discussion

15 comments
Sign in to comment
ChapoOption: D
Nov 7, 2023

Answer is D. DLP is already blocking Teams internally. To block external sharing you use the DLP rules.

GeorgeMar
Apr 10, 2024

DLP policy customize access and override settings allows to Block only people outside your org

AlfaExamProOption: B
Oct 2, 2023

because DLP rules talk about DLP treshold, action etc DLP location more specific to set up DLP scope/location

aleksdjOption: D
Dec 3, 2023

It is D 100%! When you edit the policy through the Wizard, you will see that you can select the location for this policy, here you can choose to select all users or specific users, whatever option you choose it is only valid from internal to internal users, this option doesn`t affect the sharing from internal to external. Therefore you must click on "Next" and create a new "Advanced DLP Policy" rule where you can make a new condition : Content is shared from M365 > with people outside my organization.

VaeroxOption: D
Jan 24, 2024

https://learn.microsoft.com/en-us/purview/dlp-microsoft-teams#recommended-dlp-policy-structure Everyone, please take a look at this URL. It's a condition inside a DLP rule, so the answer has to be D.

60ed5c2Option: D
Nov 4, 2023

But when I look at location in my tenant you can't differentiate between teams channels and chats - it is either on or off. So if it is working for chats - it would be working for channels if the location was set. It appears that editing the policy rules you can add an additional policy to apply if shared externally. I think D is correct.

jt2214Option: D
Nov 11, 2023

I agree with Chapo - D

timkuo1009Option: B
Dec 7, 2023

B is correct. Edit DLP policy->location and select sharepoint sites. Files that you upload to a channel are stored in your team's SharePoint folder. These files are available in the Files tab at the top of each channel. https://support.microsoft.com/en-us/office/file-storage-in-microsoft-teams-df5cc0a5-d1bb-414c-8870-46c6eb76686a

GLLOption: B
Oct 9, 2023

Edit the Locations settings of DLP1

cpaljchc4Option: B
Jan 5, 2024

“We need to block all sharing of SharePoint and OneDrive items to all external recipients...” - Administrative scope: Full directory - Where to monitor: SharePoint sites, OneDrive accounts - Conditions for a match: First Condition > Shared outside my org - Action: Restrict access or encrypt the content in Microsoft 365 locations > Block users from receiving email or accessing shared SharePoint, OneDrive > Block only people outside your organization. Think B is more direct to the question. Ref:https://learn.microsoft.com/en-us/purview/dlp-create-deploy-policy

Tomtom11Option: B
Mar 7, 2024

The Rule option is the answer. As you edit the rule by creating a condition option https://learn.microsoft.com/en-ie/purview/dlp-policy-design#complex-rule-design

SesbriOption: B
Jan 22, 2024

For me it must be B. Here is my explanation: 1. Definition of locations in DLP: https://learn.microsoft.com/en-us/purview/dlp-create-deploy-policy#policy-scope - We se that locations are more like a cluster for which defines the platform 2. Definition of DLP rules: https://learn.microsoft.com/en-us/purview/dlp-create-deploy-policy#policy-scope - DLP rules consolidate the details of a rule. In this case the conditions are relevant. Here we can modify the actions to match the input from the question.

CraiggOption: B
Mar 1, 2024

Hi, I would have to go for B as it states that one to one chats are already block. One to one chats use one drive, teams chats do not. So we know the policy is correctly configured by you need to add the Teams chat location.

TonyManeroOption: B
Apr 15, 2024

I think location is the is the most appropriate: https://learn.microsoft.com/en-ie/purview/dlp-policy-reference#locations

TonyManeroOption: B
May 8, 2024

I think must modify the Location because: "To scope a DLP Teams policy to all chat types, either scope your policy to All locations.." reference: https://learn.microsoft.com/en-us/purview/dlp-microsoft-teams?tabs=purview#scope-of-dlp-protection

Murad01Option: D
Jul 11, 2024

I agree with answer: D