Your company has a Microsoft 365 tenant that uses a domain named contoso.com.
You are implementing data loss prevention (DLP)
The company's default browser is Microsoft Edge.
During a recent audit, you discover that some users use Firefox and Google Chrome browsers to upload files labeled as Confidential to a third-party Microsoft SharePoint Online site that has a URL of https://m365x076709.sharepoint.com.
Users are blocked from uploading the confidential files to the site from Microsoft Edge.
You need to ensure that the users cannot upload files labeled as Confidential from Firefox and Google Chrome to any cloud services.
Which two actions should you perform? Each correct answer presents part of the solution.
(Choose two.) NOTE: Each correct selection is worth one point.
Click on the arrows to vote for the correct answer
A. B. C. D. E.CD.
https://docs.microsoft.com/en-us/microsoft-365/compliance/endpoint-dlp-learn-about?view=o365-worldwideTo prevent users from uploading files labeled as Confidential from Firefox and Google Chrome to any cloud services, you should perform the following two actions:
A. From the Microsoft 365 Endpoint data loss prevention (Endpoint) DLP settings, add m365x076709.sharepoint.com as a blocked service domain.
This action will block users from uploading confidential files to the specific SharePoint Online site with the URL https://m365x076709.sharepoint.com. By adding the URL as a blocked service domain in Endpoint DLP settings, any attempts to upload files labeled as Confidential to this site will be blocked, regardless of the browser used.
B. Create a DLP policy that applies to the Devices location.
This action will allow you to create a DLP policy that applies to devices location, which includes Firefox and Google Chrome browsers. You can configure the policy to detect files labeled as Confidential and block them from being uploaded to any cloud services. By doing this, you will ensure that users cannot upload files labeled as Confidential from any browser to any cloud services.
Therefore, the correct answers are A and B.
C. From the Microsoft 365 Endpoint data loss prevention (Endpoint DLP) settings, add Firefox and Google Chrome to the unallowed browsers list.
This option is incorrect because adding Firefox and Google Chrome to the unallowed browsers list will only prevent users from using these browsers to access cloud services that are blocked by Endpoint DLP settings. It will not prevent users from uploading files labeled as Confidential from Firefox and Google Chrome to any cloud services.
D. From the Microsoft 365 compliance center, onboard the devices.
This option is also incorrect because onboarding devices will not help prevent users from uploading files labeled as Confidential from Firefox and Google Chrome to any cloud services. Device onboarding is a process of registering devices with Microsoft Intune or System Center Configuration Manager to enable device management and compliance policies. It does not provide any specific protection against data loss prevention.
E. From the Microsoft 365 Endpoint data loss prevention (Endpoint) DLP settings, add contoso.com as an allowed service domain.
This option is also incorrect because adding contoso.com as an allowed service domain will not help prevent users from uploading files labeled as Confidential from Firefox and Google Chrome to any cloud services. This action only allows users to upload confidential files to cloud services within the contoso.com domain. It does not prevent users from uploading confidential files to other cloud services.