Exam MS-500 topic 3 question 10 discussion

Actual exam question from Microsoft's MS-500

Question #: 10
Topic #: 3

SIMULATION -
You need to prevent any email messages that contain data covered by the U.K. Data Protection Act from being sent to recipients outside of your organization, unless the messages are sent to an external domain named adatum.com.
To complete this task, sign in to the Microsoft 365 admin center.

Show Suggested Answer

Suggested Answer: See explanation below.
1. After signing into the Microsoft 365 admin center, navigate to Compliance Management in the Exchange Admin center.
2. Click on ג€Data Loss Preventionג€ option.
3. To add a new custom DLP policy, Click on (+) plus button to get the context menu
4. Click on ג€New Custom DLP policyג€ option, a new window appears where you have to enter policy name, description, state and mode of the requirement details.
Click on save button to create policy and continueג€¦
5. You will be back to the ג€Data Loss Preventionג€ screen with newly added policy information.
6. Double click on the added row to open the policy details, click on rules option in left part of the screen as depicted
7. Click on (+) plus button to add a new rule. Select the ג€Block messages with sensitive informationג€ rule.
8. On the following screen, we can add condition, action, exceptions, rule activation and deactivation dates

9. Click on ג€Select Sensitive information Typesג€ to specify the sensitive information details.

10. Click on (+) plus button and add the following Sensitive information Types:
✑ U.K. National Insurance Number (NINO
✑ U.S. / U.K. Passport Number
✑ SWIFT Code
11. Click on Ok
12. Add an exception for recipients in the adatum.com domain
13. Add recipients for incident reports and click ok
14. Click save
15. Click save
Reference:
https://events.collab365.community/configure-data-loss-prevention-policies-in-exchange-online-in-office-365/

by fred at March 11, 2021, 7:06 p.m.

Comments

Submit Cancel

Anker

Highly Voted 4 years ago

Compliance Center --> Create Policy --> Privacy Category --> U.K. Data Protection Act --> Select Exchange Location only --> Create or Customize Advanced DLP Rules --> Edit (on both Low and High volumes) --> Add Exception --> "Except if recipient domain is" --> Add Adatum.com domain to domain exception field and click "Add" once complete. --> Actions --> Restrict Access or Encrypt the content in M365 locations --> Block users from accessing shared SharePoint, OneDrive, and Teams Content in Microsoft 365 locations (this includes EXO) --> Block only people outside of your organization. --> Save.

upvoted 32 times

...

LillyLiver

Highly Voted 3 years, 4 months ago

This was a sucky question to figure out with all the changes. Go to: M365 Compliance Center > Data Loss Prevention > Create Policy > {Change "All Countries and Regions to United Kingsom} > Choose the Privacy category > Select "U.K. Data Protection Act" > Next > Give it a name is you want > Next > Deselect everything EXCEPT Exchange > Next > SELECT "Create or customize advanced DLP rules" > EDIT "Low volume of content detected U.K. Data Protection Act 2" > Scroll down to the "Exceptions" heading > Click "Add exception" > SELECT "Except if recipient domain is" > enter "Adatum.com" > click the "Add" button > click the "Save" button. Repeat for the "High volume of content detected U.K. Data Protection Act 2" rule.

upvoted 18 times

...

sayyidsaif

Most Recent 4 years, 2 months ago

Classic Exchange Admin center --> Compliance Management -->press + Button -->New DLP Policy From Template-->choose template "U.K. Data protect Act" -->save --> Edit policy -->Rules-->select each rule and add exception using add exception option and go to "domain is" and specify Domain name there

upvoted 2 times

...