You are a global admin in a company with a Microsoft 365 E5 subscription.
You are configured the following Data loss prevention policy rules: Rule 1: Notify users, restricts access, allows overrides Rule 2: Notify users Rule 3: Notify users, restricts access, does not allow overrides Rule 4: restricts access Rule 5: Notify users, restricts access, does not allow overrides If content is matching all the rules above, which rule will be enforced?
Click on the arrows to vote for the correct answer
A. B. C. D. E.Correct Answer: C
Data loss prevention rules are processed in priority order, so the first rule created will be processed first (Rule 1)
But in this scenario the content is matching all the rules.
In those situations, the most restrictive rule with the highest priority will be enforced.
Here Rule 3 will be enforced because it is the most restrictive together with Rule 5 but has a higher priority.
To know more about DLP policies, please refer to the link below:
Based on the rules given, the order of priority for the DLP rules is as follows:
The reason for this priority order is that rules that restrict access take precedence over rules that only notify users, and rules that do not allow overrides take precedence over rules that do allow overrides.
So, if content matches all the rules above, the highest priority rule that matches the content will be enforced, which in this case is Rule 3 (Notify users, restricts access, does not allow overrides). This means that users will be notified of the DLP policy violation, their access to the content will be restricted, and they will not be able to override the policy.