Data Loss Prevention Policies for Microsoft 365 | Exam MS-500 Answer

Protecting Information: Policies and Rules for Microsoft 365 Security Administration

Question

You are a global administrator in an organization with a Microsoft 365 subscription.

You want to protect the information that is being shared both inside and outside of your organization, so you decide to create Data Loss Prevention policies.

Your company has a big customer base in France, and you want to make sure email containing France National ID Card information cannot be sent out of your organization.

The administrator and the user who is sending the email must be notified when a rule match occurs.

For security reasons, you would also like the administrator to be notified whenever someone emails Azure Storage Account Key information within your organization.

The user sending the Storage Account Key information must also be notified when a rule match occurs.

You want to restrict users from sharing SWIFT Code from OneDrive outside of your organization, but also enable users to override the policy if needed.

Users must state a business justification if they choose to override the policy.

Lastly, you would like the administrator to be notified whenever someone is sharing a .exe file from OneDrive within your organization.

The users sending and receiving the file must not be notified. What is the minimum number of policies and rules needed to achieve this?

Answers

Explanations


A. B. C. D. E. F.

Correct Answer: D

You need to create two DLP policies: one for Exchange (Policy 1) and one for OneDrive (Policy 2).

Within Policy 1 you must create two rules:

The first rule stops mail containing France National ID Card information from being sent outside the organization.

The second rule notifies the administrator and the end user when they send mail containing Azure Storage Account Key information.

For both rules, select the options to notify the end user and the administrator.

Within Policy 2 you must create two rules:

First one for restricting sharing of SWIFT Code outside of your organization.

Set the details as shown in the exhibit below.

Second one for notifying administrators when .exe files are being shared within your organization.

Set the details as shown in the exhibit below.

Policy 1:

[Exhibit: screenshot of the eDiscovery Export Tool for the search "Test search to be exported" (started 2021-06-29T20:12:48.317Z; 15 items, 702.48 KB; status: the export has completed).]

Policy 2:

Choose locations to apply the policy

We'll apply the policy to data that's stored in the locations you choose.

Protecting sensitive info in on-premises repositories (SharePoint sites and file shares) is now in preview. Note that there are prerequisite steps needed to support this new capability. Learn more about the prerequisites

Status, Location, Included, Excluded:

  • Off: Exchange email
  • Off: SharePoint sites
  • On: OneDrive accounts (Included: All; Excluded: None)
  • Off: Teams chat and channel messages
  • On: Microsoft Cloud App Security
  • Off: On-premises repositories

Rule: Restrict sharing of SWIFT Code

Conditions

  • Content contains any of these sensitive info types: SWIFT Code
  • Content is shared from Microsoft 365 with people outside my organization

Actions

  • Notify users with email and policy tips
  • Restrict access to the content for external users

Rule: Notify sharing of .exe files

Conditions

  • Content is shared from Microsoft 365 only with people inside my organization
  • File extension is

Actions

  • Send alerts to Administrator

Details “Restrict sharing of SWIFT Code”:

User overrides

  • Let people who see the tip override the policy and share the content.
  • Require a business justification to override
  • Override the rule automatically if they report it as a false positive

Since the answer is given in the documentation, the other options are incorrect.
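
The two-policy, four-rule layout from the answer above, written as Security & Compliance PowerShell. This is an added example, not part of the original page or exhibit: the policy and rule names and the admin address are placeholders, the sensitive info type names are assumed from the question text, and LastModifier is assumed to map to the user who sent or shared the content.

```powershell
# Added example. Run in a Security & Compliance PowerShell session (Connect-IPPSSession).
# Names and the admin address are placeholders; confirm the exact sensitive info
# type names in your tenant with Get-DlpSensitiveInformationType.
$admin = 'dlp-admin@contoso.example'

# Policy 1: Exchange email, two rules.
New-DlpCompliancePolicy -Name 'Policy 1 - Exchange' -ExchangeLocation All -Mode Enable
$r1 = @{
    Name          = 'Block France National ID Card to external recipients'
    Policy        = 'Policy 1 - Exchange'
    ContentContainsSensitiveInformation = @{ Name = 'France National ID Card (CNI)' }
    AccessScope   = 'NotInOrganization'   # mail leaving the organization
    BlockAccess   = $true
    NotifyUser    = 'LastModifier'        # assumed: the sender
    GenerateAlert = $admin
}
New-DlpComplianceRule @r1
$r2 = @{
    Name          = 'Notify on Azure Storage Account Key in internal mail'
    Policy        = 'Policy 1 - Exchange'
    ContentContainsSensitiveInformation = @{ Name = 'Azure Storage Account Key' }
    AccessScope   = 'InOrganization'      # internal mail only, no block
    NotifyUser    = 'LastModifier'
    GenerateAlert = $admin
}
New-DlpComplianceRule @r2

# Policy 2: OneDrive accounts, two rules.
New-DlpCompliancePolicy -Name 'Policy 2 - OneDrive' -OneDriveLocation All -Mode Enable
$r3 = @{
    Name                = 'Restrict sharing of SWIFT Code'
    Policy              = 'Policy 2 - OneDrive'
    ContentContainsSensitiveInformation = @{ Name = 'SWIFT Code' }
    AccessScope         = 'NotInOrganization'
    BlockAccess         = $true
    BlockAccessScope    = 'PerUser'            # restrict external users only
    NotifyUser          = 'LastModifier'       # policy tip carries the override
    NotifyAllowOverride = 'WithJustification'  # business justification required
}
New-DlpComplianceRule @r3
$r4 = @{
    Name                         = 'Notify sharing of .exe files'
    Policy                       = 'Policy 2 - OneDrive'
    ContentExtensionMatchesWords = 'exe'
    AccessScope                  = 'InOrganization'
    GenerateAlert                = $admin      # no NotifyUser: users are not told
}
New-DlpComplianceRule @r4
```

Creating the policies with -Mode TestWithNotifications first lets you review rule matches before anything is blocked; Get-DlpComplianceRule shows the resulting conditions and actions for comparison with the exhibit.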


To achieve the requirements mentioned, we need to create a Data Loss Prevention (DLP) policy with several rules. The policy will apply to email messages and files shared through OneDrive.

The first requirement is to prevent the sharing of French National ID Card information outside of the organization. For this, we need to create a DLP rule that checks for the presence of National ID Card information in an email. We will create an Exchange transport rule that applies this DLP rule to outgoing emails. The rule should be configured to block the email and send a notification to both the sender and the administrator.

The second requirement is to notify the administrator whenever someone emails Azure Storage Account Key information within the organization. For this, we need to create a DLP rule that checks for the presence of Azure Storage Account Key information in an email. We will create an Exchange transport rule that applies this DLP rule to internal emails only. The rule should be configured to send a notification to the administrator only.

The third requirement is to restrict users from sharing SWIFT Code from OneDrive outside of the organization but allow users to override the policy with a business justification. For this, we need to create a DLP policy that applies to files shared through OneDrive. We will create a DLP rule that checks for the presence of SWIFT Code in a file. The rule should be configured to block the file from being shared outside of the organization, but also allow users to override the policy with a business justification.

The fourth requirement is to notify the administrator whenever someone is sharing a .exe file from OneDrive within the organization. For this, we need to create a second DLP policy that applies to files shared through OneDrive. We will create a DLP rule that checks whether a shared file has the .exe extension. The rule should be configured to send a notification to the administrator only.

Based on the above requirements, we need two policies and four rules to achieve all the requirements.

  • Policy 1: One DLP rule to block French National ID Card information in outgoing emails and send notifications to both the sender and the administrator.
  • Policy 2: Three DLP rules, one to send notifications to the administrator for Azure Storage Account Key information in internal emails, one to block SWIFT Code from being shared outside of the organization but allow override with a business justification, and one to send notifications to the administrator for .exe files shared on OneDrive.

Therefore, the correct answer is D. 2 policies, 4 rules.