Data Loss Prevention Policies for Microsoft 365 | Exam MS-500: Microsoft 365 Security Administration

Minimum Number of Policies and Rules for Data Loss Prevention in Microsoft 365

Question

You are a global administrator in an organization with a Microsoft 365 subscription.

You want to protect the information that is being shared both inside and outside of your organization, so you decide to create Data Loss Prevention policies.

Your company has a big customer base in France, and you want to make sure email containing France National ID Card information cannot be sent out of your organization.

The administrator and the user who is sending the email must be notified when a rule match occurs.

For security reasons, you would also like the administrator to be notified whenever someone emails Azure Storage Account Key information within your organization.

The user sending the Storage Account Key information must also be notified when a rule match occurs.

You want to restrict users from sharing SWIFT Code from OneDrive outside of your organization, but also enable users to override the policy if needed.

Users must state a business justification if they choose to override the policy.

Lastly, you would like the administrator to be notified whenever someone is sharing a .exe file from OneDrive within your organization.

The users sending and receiving the file must not be notified. What is the minimum number of policies and rules needed to achieve this?

Answers

Explanations

A. B. C. D. E. F.

Correct Answer: D

You need to create two DLP policies: one for Exchange (Policy 1) and one for OneDrive (Policy 2).

Within Policy 1 you must create two rules:

First one for stopping mail containing France National ID Card information from being sent outside the organization.

Second one for notifying the administrator and end user when they send mail containing Azure Storage Account Key information.

For both rules, select the options to notify the end user and the administrator.

Within Policy 2 you must create two rules:

First one for restricting sharing of SWIFT Code outside of your organization.

Set the details as shown in the exhibit below.

Second one for notifying administrators when .exe files are being shared within your organization.

Set the details as shown in the exhibit below.

Policy 1:

Choose locations to apply the policy

We'll apply the policy to data that's stored in the locations you choose.

Protecting sensitive info in on-premises repositories (SharePoint sites and file shares) is now in preview. Note that there are prerequisite steps needed to support this new capability. Learn more about the prerequisites

Location status (Status, Location, Included, Excluded):

    • On: Exchange email (Included: All, "Choose distribution group"; Excluded: None, "Exclude distribution group")
    • Off: SharePoint sites
    • Off: OneDrive accounts
    • Off: Teams chat and channel messages
    • On: Microsoft Cloud App Security
    • Off: On-premises repositories
Policy 2:

Choose locations to apply the policy

We'll apply the policy to data that's stored in the locations you choose.

Protecting sensitive info in on-premises repositories (SharePoint sites and file shares) is now in preview. Note that there are prerequisite steps needed to support this new capability. Learn more about the prerequisites

Location status (Status, Location, Included, Excluded):

    • Off: Exchange email
    • Off: SharePoint sites
    • On: OneDrive accounts (Included: All, "Choose account or distribution group"; Excluded: None, "Exclude account or distribution group")
    • Off: Teams chat and channel messages
    • On: Microsoft Cloud App Security
    • Off: On-premises repositories
Rules (2 items):

Restrict sharing of SWIFT Code

    • Conditions: Content contains any of these sensitive info types: SWIFT Code
    • Conditions: Content is shared from Microsoft 365 with people outside my organization
    • Actions: Notify users with email and policy tips
    • Actions: Restrict access to the content for external users

Notify sharing of .exe files

    • Conditions: Content is shared from Microsoft 365 only with people inside my organization
    • Conditions: File extension is
    • Actions: Send alerts to Administrator

Details "Restrict sharing of SWIFT Code":

User overrides

    • Let people who see the tip override the policy and share the content.
    • Require a business justification to override
    • Override the rule automatically if they report it as a false positive

Since the answer is given in the documentation, the other options are incorrect.

To know more about DLP policies, please refer to the link below:

To achieve the objectives mentioned in the question, the minimum number of policies and rules required would be:

Option D: 2 policies, 4 rules.

Explanation:

  1. Policy 1: Exchange email

    • Rule 1: Block outbound emails containing France National ID Card information, and notify the administrator and the user who is sending the email when a match occurs.
    • Rule 2: Notify the administrator and the user who is sending the email when someone emails Azure Storage Account Key information within the organization.
  2. Policy 2: OneDrive accounts

    • Rule 1: Restrict users from sharing SWIFT Code from OneDrive outside of the organization, and allow users to override the policy but require them to state a business justification.
    • Rule 2: Notify the administrator when someone is sharing a .exe file from OneDrive within the organization, and do not notify the users sending and receiving the file.

A DLP policy is scoped to locations and a rule carries the conditions and actions, so the two email requirements fit in one Exchange policy and the two file-sharing requirements fit in one OneDrive policy, with one rule per requirement.

Therefore, the minimum number of policies and rules required to achieve the objectives mentioned in the question is 2 policies and 4 rules, which is option D.
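
The two policies and four rules from the explanation, scripted with Security & Compliance PowerShell as an added example (not part of the original page). The policy names, rule names and `$Admin` address are placeholders; using `Owner` as the notified sender and `PerUser` for external-only blocking are assumptions to confirm in a test tenant, and the sensitive info type names are written as they appear on this page.

```powershell
# Added example, not from the original page. Requires the ExchangeOnlineManagement module.
Connect-IPPSSession
$Admin = 'dlp-admin@contoso.example'   # placeholder alert recipient

# Confirm the exact sensitive info type names in this tenant before using them below.
Get-DlpSensitiveInformationType |
    Where-Object Name -match 'France|Azure Storage|SWIFT' |
    Select-Object Name

# Policy 1: Exchange email only (placeholder name)
New-DlpCompliancePolicy -Name 'DLP-Exchange' -ExchangeLocation All -Mode Enable

# Rule 1: block France National ID Card data leaving the organization; notify sender and admin
New-DlpComplianceRule -Name 'Block France ID outbound' -Policy 'DLP-Exchange' `
    -ContentContainsSensitiveInformation @{ Name = 'France National ID Card' } `
    -AccessScope NotInOrganization -BlockAccess $true `
    -NotifyUser Owner -GenerateAlert $Admin

# Rule 2: internal mail with a storage account key; notify sender and admin, no block
New-DlpComplianceRule -Name 'Notify Azure storage key internal' -Policy 'DLP-Exchange' `
    -ContentContainsSensitiveInformation @{ Name = 'Azure Storage Account Key' } `
    -AccessScope InOrganization `
    -NotifyUser Owner -GenerateAlert $Admin

# Policy 2: OneDrive accounts only (placeholder name)
New-DlpCompliancePolicy -Name 'DLP-OneDrive' -OneDriveLocation All -Mode Enable

# Rule 1: restrict external sharing of SWIFT Code; override allowed with a justification
New-DlpComplianceRule -Name 'Restrict sharing of SWIFT Code' -Policy 'DLP-OneDrive' `
    -ContentContainsSensitiveInformation @{ Name = 'SWIFT Code' } `
    -AccessScope NotInOrganization -BlockAccess $true -BlockAccessScope PerUser `
    -NotifyUser Owner -NotifyAllowOverride WithJustification

# Rule 2: .exe shared internally; alert the admin only (no -NotifyUser, so users see nothing)
New-DlpComplianceRule -Name 'Notify sharing of .exe files' -Policy 'DLP-OneDrive' `
    -ContentExtensionMatchesWords 'exe' `
    -AccessScope InOrganization -GenerateAlert $Admin

# Verify the result: expect 2 policies and 4 rules in total
Get-DlpCompliancePolicy | Select-Object Name, Mode
Get-DlpComplianceRule | Select-Object Name, ParentPolicyName, AccessScope, BlockAccess
```

Creating the policies with `-Mode TestWithNotifications` first lets you review matches before enforcement is switched to `Enable`.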