You have a Microsoft 365 subscription that uses Microsoft Exchange Online.
You need to receive an alert if a user emails sensitive documents to specific external domains.
What should you create?
You have a Microsoft 365 subscription that uses Microsoft Exchange Online.
You need to receive an alert if a user emails sensitive documents to specific external domains.
What should you create?
To receive an alert if a user emails sensitive documents to specific external domains, you should create a Microsoft Cloud App Security file policy. This type of policy is designed to monitor and alert on files shared with specific external domains, providing the specific control needed in this scenario.
The answer is C, https://docs.microsoft.com/en-us/defender-cloud-apps/data-protection-policies, sharing with external domain.
Correct answer is D Alert can be configured in alert filter. Privacy category is used to choose templates and not alerts
It says specific external domains so I'll go with C. https://learn.microsoft.com/en-us/defender-cloud-apps/data-protection-policies#policies Sharing with external domains - Receive an alert about any file shared with accounts owned by specific external domains. For example, files shared with a competitor's domain. Select the external domain with which you want to limit sharing.
Correct answer is A To receive an alert if a user emails sensitive documents to specific external domains in a Microsoft 365 subscription that uses Microsoft Exchange Online, you should create a data loss prevention (DLP) policy that uses the Privacy category.
Option B, a Microsoft Cloud App Security activity policy, is not the correct answer because it is used to monitor and analyze user and admin activity across cloud apps, but it does not specifically monitor email attachments. Option C, a Microsoft Cloud App Security file policy, is not the correct answer because it is used to scan files in cloud storage locations such as OneDrive and SharePoint, but it does not specifically monitor email attachments. Option D, a DLP alert filter, is not the correct answer because it is used to filter the alerts generated by a DLP policy based on specific criteria, but it does not create the initial DLP policy.
To configure the DLP policy to send an alert when a user emails sensitive documents to specific external domains, you can follow these steps: Open the Microsoft 365 compliance center and go to the Data loss prevention page. Click Create a policy to create a new DLP policy. In the Policy settings page, select the Privacy category and choose the sensitive information types that you want to protect. In the Locations section, select the email option to apply the policy to emails. In the Policy tips section, configure the action that you want to take when a sensitive document is detected. For example, you can send an alert to the user, manager, or administrator. In the Policy settings section, select the external domains that you want to monitor. Save the policy and test it to ensure that it is working as expected.
It's A: https://learn.microsoft.com/en-us/defender-cloud-apps/data-protection-policies#:~:text=Sharing%20with%20external%20domains%20%2D%20Receive%20an%20alert%20about%20any%20file%20shared%20with%20accounts%20owned%20by%20specific%20external%20domains.%20For%20example%2C%20files%20shared%20with%20a%20competitor%27s%20domain.%20Select%20the%20external%20domain%20with%20which%20you%20want%20to%20limit%20sharing.
A is incorrect. Privacy categories detect and protect the type of privacy information; DLP policies restrict the transmission of information to outside parties, but privacy categories are ineligible. B is incorrect. An activity policy cannot specify a domain. It detects multiple failed sign-ins and sign-ins from unfamiliar locations. C is correct. File policy allows you to receive alerts about files shared with accounts owned by a specific external domain. D is incorrect. The alerts displayed on the dashboard are just extracted by specific criteria and displayed in an easy-to-read manner. https://learn.microsoft.com/en-us/defender-cloud-apps/data-protection-policies
I go for option A too: You should create a DLP policy that detects sensitive information being sent to specific external domains. Once the policy is in place, it will trigger alerts when sensitive documents are emailed to those domains. DLP alert filter (Option D) is a mechanism for narrowing down and monitoring specific DLP policy violations or incidents. However, it doesn't directly prevent or alert you when sensitive documents are emailed to specific external domains. It is used in conjunction with a DLP policy to refine the alerts generated by the policy. So, the primary action should be creating a DLP policy, and the alert filter can be used to fine-tune the notifications.
its A correct, when you create a DLP policy you can use custom category or the privacy category implied, from there you do not need to set an action rather than sending alert to admin about it
Documentation from Microsoft Defender for Cloud apps (old name MCAS) . "Sharing with external domains - Receive an alert about any file shared with accounts owned by specific external domains. For example, files shared with a competitor's domain. Select the external domain with which you want to limit sharing." So, correct answer is C https://learn.microsoft.com/en-us/defender-cloud-apps/data-protection-policies
I am going with C for the reasons kodoi said. But I am not sure as I do not see what a person who recently scored an 890 would have picked. /s
ahahahha
Why not C?
Only a DLP policy can create an alert. An alert filter just filters existing alerts. File and activity policies don't make sense in this context
Community vote D(50%). A(19%) why sugguest answer A
answer is A
I will go with C. there is the word "documents", so it will be the file policy
https://docs.microsoft.com/en-us/defender-cloud-apps/data-protection-policies
https://learn.microsoft.com/en-us/defender-cloud-apps/data-protection-policies#policies