You have a data loss prevention (DLP) policy that applies to the Devices location.
The policy protects documents that contain United States passport numbers.
Users report that they cannot upload documents to a travel management website because of the policy.
You need to ensure that the users can upload the documents to the travel management website.
The solution must prevent the protected content from being uploaded to other locations.
Which Microsoft 365 Endpoint data loss prevention (Endpoint DLP) setting should you configure?
Click on the arrows to vote for the correct answer
A. B. C. D.D.
You can control whether sensitive files protected by your policies can be uploaded to specific service domains from Microsoft Edge.
-> If the list mode is set to Block, then user will not be able to upload sensitive items to those domains.
When an upload action is blocked because an item matches a DLP policy, DLP will either generate a warning or block the upload of the sensitive item.
-> If the list mode is set to Allow, then users will be able to upload sensitive items only to those domains, and upload access to all other domains is not allowed.
https://docs.microsoft.com/en-us/microsoft-365/compliance/endpoint-dlp-using?view=o365-worldwideTo enable users to upload the documents that contain United States passport numbers to the travel management website, while still preventing the protected content from being uploaded to other locations, you should configure the Endpoint DLP setting for "Service domains."
Endpoint DLP is a feature of Microsoft 365 that helps prevent sensitive information from being shared or leaked outside of an organization. It allows organizations to create policies that detect and prevent sensitive information from being transmitted through various channels such as email, SharePoint, OneDrive, and more.
When you create a DLP policy that applies to the "Devices location," it means that the policy will be enforced on all devices that are managed by the organization, including PCs, laptops, and mobile devices.
In this scenario, users are unable to upload documents to a travel management website because the DLP policy is blocking documents that contain United States passport numbers. To allow users to upload these documents, you need to configure the "Service domains" setting in the Endpoint DLP policy.
Service domains are the specific web services that are included in a DLP policy. By configuring the "Service domains" setting, you can allow users to upload protected content to a specific service domain, while still preventing the protected content from being uploaded to other locations.
In this case, you should configure the Endpoint DLP policy to allow the travel management website as a service domain, so that users can upload documents containing United States passport numbers to that website without being blocked by the DLP policy. This will ensure that the protected content is only uploaded to the authorized service domain, and not to any other location that may be prohibited by the policy.
Therefore, the correct answer to this question is D. Service domains.