Preventing Emailing Employee Assessments
Question
Your company has a Microsoft 365 tenant.
The company performs annual employee assessments.
The assessment results are recorded in a document named AssessmentTemplate.docx that is created by using a Microsoft Word template.
Copies of the employee assessments are sent to employees and their managers.
The assessment copies are stored in mailboxes, Microsoft SharePoint Online sites, and OneDrive for Business folders.
A copy of each assessment is also stored in a SharePoint Online folder named Assessments.
You need to create a data loss prevention (DLP) policy that prevents the employee assessments from being emailed to external users.
You will use a document fingerprint to identify the assessment documents.
The solution must minimize effort.
What should you include in the solution?
Answers
Explanations
Click on the arrows to vote for the correct answer
A. B. C. D.D.
https://docs.microsoft.com/en-us/microsoft-365/compliance/document-fingerprinting?view=o365-worldwideTo prevent employee assessments from being emailed to external users, you can create a DLP policy that uses a document fingerprint. A document fingerprint is a unique identifier for a specific document, and it is based on the document's contents.
To create the DLP policy, you should take the following steps:
Create a document fingerprint of the AssessmentTemplate.docx file. This will serve as the basis for identifying all assessment documents. To create the document fingerprint, you can use the Document Fingerprint wizard in the Microsoft 365 compliance center. Select the Assessments folder, and then follow the wizard's instructions to create the fingerprint.
Create a sensitive info type that uses Exact Data Match (EDM). An EDM sensitive info type matches specific text patterns or values that you specify. In this case, you can create a sensitive info type that matches the AssessmentTemplate.docx fingerprint. To create the sensitive info type, go to the Microsoft 365 compliance center, select "Sensitive info types", and then follow the wizard's instructions to create the type.
Create a DLP policy that uses the sensitive info type you just created. The policy should block any email that contains the sensitive info type and is sent outside the company. To create the DLP policy, go to the Microsoft 365 compliance center, select "Data loss prevention", and then follow the wizard's instructions to create the policy. Select "Email" as the content type to protect, and then specify the conditions for triggering the policy. For example, you can require that the email contain the sensitive info type and be sent outside the company.
Test the DLP policy to ensure that it is working as expected. You can test the policy by sending a sample email that contains the sensitive info type to an external email address. If the policy is working, the email should be blocked.
In summary, to create a DLP policy that prevents employee assessments from being emailed to external users, you should create a document fingerprint of the AssessmentTemplate.docx file, create a sensitive info type that matches the fingerprint, create a DLP policy that uses the sensitive info type, and test the policy to ensure that it is working correctly.
