Note: This question is part of a series of questions that present the same scenario.
Each question in the series contains a unique solution that might meet the stated goals.
Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it.
As a result, these questions will not appear in the review screen.
You have a Microsoft 365 tenant and 500 computers that run Windows 10
The computers are onboarded to the Microsoft 365 compliance center.
You discover that a third-party application named Tailspin_scanner.exe accessed protected sensitive information on multiple computers.
Tailspin_scanner.exe is installed locally on the computers.
You need to block Tailspin_scanner.exe from accessing sensitive documents without preventing the application from accessing other documents.
Solution: From the Cloud App Security portal, you mark the application as Unsanctioned.
Does this meet the goal?
Click on the arrows to vote for the correct answer
A. B.B.
https://docs.microsoft.com/en-us/microsoft-365/compliance/endpoint-dlp-using?view=o365-worldwideThe proposed solution of marking the Tailspin_scanner.exe application as Unsanctioned from the Cloud App Security portal will not achieve the goal of blocking the application from accessing sensitive documents without preventing it from accessing other documents.
Marking an application as Unsanctioned from the Cloud App Security portal means that the application is not allowed to access any resources in the Microsoft 365 tenant. This would prevent the Tailspin_scanner.exe application from accessing both sensitive and non-sensitive documents on the computers. Therefore, the proposed solution is not correct, and the answer is B. No.
To achieve the goal of blocking the Tailspin_scanner.exe application from accessing sensitive documents without preventing it from accessing other documents, the Microsoft 365 compliance center's data loss prevention (DLP) policies can be used.
Data loss prevention (DLP) policies can be configured to identify and protect sensitive information in documents, such as credit card numbers, social security numbers, and confidential company information. These policies can be used to prevent unauthorized access to sensitive information and to notify administrators when a policy violation occurs.
To block the Tailspin_scanner.exe application from accessing sensitive documents using DLP policies, you can create a policy that identifies sensitive information in documents and blocks access to those documents when accessed by the Tailspin_scanner.exe application. This can be done by creating an application-specific rule in the DLP policy that specifically targets the Tailspin_scanner.exe application.