Exam MS-500 topic 3 question 50 discussion

Given answer is correct. Information Protection Admins: Create, edit, and delete DLP policies, sensitivity labels and their policies, and all classifier types. Manage endpoint DLP settings and simulation mode for auto-labeling policies. Information Protection Analysts: Access and manage DLP alerts and activity explorer. View-only access to DLP policies, sensitivity labels and their policies, and all classifier types. Information Protection Investigators: Access and manage DLP alerts, activity explorer, and content explorer. View-only access to DLP policies, sensitivity labels and their policies, and all classifier types.

Given answer is correct. please don't copy and paste chat gpt, check MS documentation. https://learn.microsoft.com/en-us/microsoft-365/security/office-365-security/scc-permissions?view=o365-worldwide User1 - admin is the only one who can create DLP policies. User3 - investigator is the least priv who can use content explorer

If using the principle of least privilege, the Information protection analyst should perform both tasks. The Information protection administrator should not be used for either task, and the Information protection investigator is not required for either task. Bothe times user 2

Create and manage DLP policies -> User1 Review classified content by using Content explorer -> User3 Information Protection Admin: Create, edit, and delete DLP policies, sensitivity labels and their policies, and all classifier types. Manage endpoint DLP settings and simulation mode for auto-labeling policies. Information Protection Investigators: Access and manage DLP alerts, activity explorer, and content explorer. View-only access to DLP policies, sensitivity labels and their policies, and all classifier types. Reference: https://learn.microsoft.com/en-us/microsoft-365/security/office-365-security/scc-permissions

• Create and manage data loss prevention (DLP) policies: User2 • Review classified content by using Content explorer: User3 Explanation: • User2 should create and manage data loss prevention (DLP) policies as this task requires a user with permissions to create and manage DLP policies. User2 is a member of the Compliance Management role group, which has the necessary permissions to create and manage DLP policies. • User3 should review classified content by using Content explorer as this task requires a user with permissions to review content that has been classified by DLP policies. User3 is a member of the Compliance Data Administrator role group, which has the necessary permissions to review classified content using Content explorer. User1 does not have the necessary permissions to perform either task. User4 is a Global Admin, who has full permissions across all Microsoft 365 services and features, but assigning such high-level permissions to a user for such specific tasks is not in line with the principle of least privilege.