Exam MS-102 topic 1 question 209 discussion

Answer is D. DLP is already blocking Teams internally. To block external sharing you use the DLP rules.

because DLP rules talk about DLP treshold, action etc DLP location more specific to set up DLP scope/location

Les stratégies DLP dans Microsoft Purview permettent de : Cibler Microsoft Teams comme emplacement Définir des règles avec des conditions avancées, comme : Destinataires externes Messages dans les canaux Teams publics ou standards Et d’appliquer des actions : bloquer, alerter, informer

The correct answer is B. Edit the Locations settings of DLP1. In Microsoft Purview, the Locations setting in a DLP policy controls where the policy is enforced. Here, User1’s financial data is being blocked in 1:1 chats and private channels, but not in Teams channels with external members. This suggests that the DLP policy might not be fully configured to cover all relevant Teams locations, including channels with external participants. To fix this issue: Edit the Locations settings of DLP1 to ensure it applies to all Microsoft Teams channels, including those with external members. Verify that the DLP policy is set up to monitor Teams channel messages as well as 1:1 chats and private channels, so any message with sensitive financial data will be blocked regardless of the type of chat or channel.

I think it should be B answer: Edit locations settings of DLP1. https://learn.microsoft.com/en-us/purview/dlp-microsoft-teams?tabs=purview#scope-of-dlp-protection "Restrict access or encrypt the content in Microsoft 365 locations > Block only people outside your organization"

B is correct read here https://learn.microsoft.com/en-us/purview/dlp-microsoft-teams?tabs=purview#scope-of-dlp-protection

D. dlp is already applied to user 1; so you need a rule for external sharing

Edit the Locations settings of DLP1: This option would be correct if DLP1 were not already applied to User1. If DLP1 were applied to specific locations instead of users, then modifying the Locations settings could be a solution. However, since DLP1 is applied to the finance department (which includes User1), modifying the Locations settings would not solve the issue.

I have tested and its D - you need to add 2 conditions under "Content is shared from Microsoft 365" one for outside org and one for in org Within location you can opt in for a specific team or all however you cant specify outside or inside org

I agree with answer: D

I think must modify the Location because: "To scope a DLP Teams policy to all chat types, either scope your policy to All locations.." reference: https://learn.microsoft.com/en-us/purview/dlp-microsoft-teams?tabs=purview#scope-of-dlp-protection

I think location is the is the most appropriate: https://learn.microsoft.com/en-ie/purview/dlp-policy-reference#locations

The Rule option is the answer. As you edit the rule by creating a condition option https://learn.microsoft.com/en-ie/purview/dlp-policy-design#complex-rule-design

Hi, I would have to go for B as it states that one to one chats are already block. One to one chats use one drive, teams chats do not. So we know the policy is correctly configured by you need to add the Teams chat location.

https://learn.microsoft.com/en-us/purview/dlp-microsoft-teams#recommended-dlp-policy-structure Everyone, please take a look at this URL. It's a condition inside a DLP rule, so the answer has to be D.

For me it must be B. Here is my explanation: 1. Definition of locations in DLP: https://learn.microsoft.com/en-us/purview/dlp-create-deploy-policy#policy-scope - We se that locations are more like a cluster for which defines the platform 2. Definition of DLP rules: https://learn.microsoft.com/en-us/purview/dlp-create-deploy-policy#policy-scope - DLP rules consolidate the details of a rule. In this case the conditions are relevant. Here we can modify the actions to match the input from the question.

“We need to block all sharing of SharePoint and OneDrive items to all external recipients...” - Administrative scope: Full directory - Where to monitor: SharePoint sites, OneDrive accounts - Conditions for a match: First Condition > Shared outside my org - Action: Restrict access or encrypt the content in Microsoft 365 locations > Block users from receiving email or accessing shared SharePoint, OneDrive > Block only people outside your organization. Think B is more direct to the question. Ref:https://learn.microsoft.com/en-us/purview/dlp-create-deploy-policy