ExamTopics Logo
Mail Us[email protected]
Menu
Microsoft Discussions
exam questions

Exam MS-500 All Questions

View all questions & answers for the MS-500 exam
Go to Exam

Exam MS-500 topic 3 question 25 discussion

Actual exam question from Microsoft's MS-500
Question #: 25
Topic #: 3
[All MS-500 Questions]

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have a Microsoft 365 tenant. You create a label named CompanyConfidential in Microsoft Azure Information Protection. You add CompanyConfidential to a global policy.
A user protects an email message by using CompanyConfidential and sends the label to several external recipients. The external recipients report that they cannot open the email message.
You need to ensure that the external recipients can open protected email messages sent to them.
You modify the encryption settings of the label.
Does that meet the goal?

  • A. Yes
  • B. No
Show Suggested Answer Hide Answer
Suggested Answer: B 🗳️
by javilova at Dec. 19, 2019, 6:19 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
javilova
Highly Voted 5 years, 6 months ago
needs to resend email in order to apply changes in the label.
upvoted 13 times
...
Gravitino
Highly Voted 3 years, 10 months ago
The answer is incorrect. Tested and verified. Just change encryption settings ( Add users or Domain ) also change permissions.
upvoted 7 times
...
strawberries
Most Recent 2 years, 2 months ago
I would go with option A, because if you edit admin created labels the encryption settings get overwritted to already sent emails: https://learn.microsoft.com/en-us/microsoft-365/compliance/encryption-sensitivity-labels?view=o365-worldwide#what-happens-to-existing-encryption-when-a-labels-applied
upvoted 1 times
...
JoeP1
2 years, 4 months ago
Selected Answer: A
Many comments point to the documentation: https://learn.microsoft.com/en-us/microsoft-365/compliance/encryption-sensitivity-labels?view=o365-worldwide When the Assign Permissions Now is chosen instead of Let the User Decide, then the Encryption box clearly includes Assign Permissions to choose allowed domains or, in this case, All Authenticated Users everyone can open it.
upvoted 1 times
...
NarenKA
2 years, 10 months ago
Answer is: No External users can open emails labeled with encryption and content expiration. The issue is caused by the external sharing settings or assigned permissions of the Label.
upvoted 1 times
...
Vikram365
3 years, 1 month ago
Need to resend
upvoted 1 times
...
Jhill777
3 years, 4 months ago
Selected Answer: B
Need to resend
upvoted 1 times
...
Grudo
3 years, 5 months ago
"You need to ensure that the external recipients can open protected email messages sent to them." Where does the above quote refer to any messages that were previously sent? The question's verbiage is pretty clear that we are looking to resolve the condition preventing decryption for future messages, and we are not particularly concerned with rectifying past results. Therefore, "Yes", this will meet the goal.
upvoted 5 times
...
mkoprivnj
3 years, 7 months ago
Selected Answer: B
B is correct!
upvoted 1 times
...
lojlkdnfvlirez
3 years, 9 months ago
"Example 3: Add external users to an existing label that encrypts content The new users that you add will be able open documents and emails that have already been protected with this label. The permissions that you grant these users can be different from the permissions that the existing users have." https://docs.microsoft.com/en-us/microsoft-365/compliance/encryption-sensitivity-labels?view=o365-worldwide So, I would like to say "Yes"
upvoted 5 times
Satanley
3 years, 9 months ago
Don't you need to change the groups to whom the label is available to include everyone/external user ? In which case the answer is no.
upvoted 1 times
...
...
MimeTalk
3 years, 9 months ago
Answer is correct Check https://techcommunity.microsoft.com/t5/security-compliance-and-identity/secure-external-collaboration-using-sensitivity-labels/ba-p/1680498 for the entie method of sending sensitivity labelled doc to ext domain.
upvoted 1 times
...
averyfree
4 years, 2 months ago
This is incorrect. You DO go to Encryption settings to modify permissions for users/groups to access the files with the label applied. You can add external users here.
upvoted 4 times
...
kiketxu
4 years, 3 months ago
Modify encryption isn't enough to resolve this escenario. You need to add external users into the "encryption" settings within the label, but then, you need to relabel the document or message and send it again. This answer is correct to me.
upvoted 5 times
kiketxu
4 years, 3 months ago
I believe it don't need to relabel, just opening the file and saving again it will take the new published permissions. Mandatory send it back as they are externals.
upvoted 4 times
...
...
melki_zedek
4 years, 7 months ago
"In addition to reauthentication, the encryption settings and user group membership is reevaluated. This means that users could experience different access results for the same document or email if there are changes in the encryption settings or group membership from when they last accessed the content." https://docs.microsoft.com/en-us/microsoft-365/compliance/encryption-sensitivity-labels?view=o365-worldwide So changes in setting will affect the encryption but because the email is already sent the old policy will stay with it until the default use license validity period for a tenant is 30 days. So the missing word to make this a good answer is "Instruct the user to resend the message"
upvoted 3 times
...
pmr123
4 years, 9 months ago
I was thinking if we remove the encryption then users can able to view it without any restrictions..whats the deal here and why they said no
upvoted 1 times
luutuananh
4 years, 9 months ago
I think you also need to change the permission, chaging only the encryption settings is not enough.
upvoted 1 times
melki_zedek
4 years, 7 months ago
permissions is part of the Encryption Setting. Ref try creating a sensitivity label in M365 Security & Compliance
upvoted 4 times
...
...
NatP
4 years, 7 months ago
I think the scenario is that the label is for confidential internal information, thus the name. Removing the encryption defeats the purpose especially, having the label name as CompanyConfidential and then sending it out to external recipients.
upvoted 2 times
...
...
wasmith12
5 years ago
I think this is actually the correct answer https://docs.microsoft.com/en-us/microsoft-365/compliance/encryption-sensitivity-labels?view=o365-worldwide
upvoted 2 times
SUBZER0
4 years, 10 months ago
if you remove the encryption then is not protected anymore. you have to ensure that thre recipients can open PROTECTED email messages
upvoted 3 times
TimurKazan
4 years, 2 months ago
SUBZERO, there are no words about removing, it says "changing" you can add external users in encryption settings
upvoted 1 times
...
...
...
wasmith12
5 years ago
https://docs.microsoft.com/en-us/microsoft-365/compliance/encryption-sensitivity-labels?view=o365-worldwide
upvoted 1 times
...
Load full discussion...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel