Exam MS-900 topic 1 question 30 discussion

Correct, with Intune app protection you can create and assign app protection polies. A policy rule can be a rule that is being enforced when a user tries to access or move company data, or a set of actions that are prohibited or monitored when the user is in het app. A managed app is an app that has app protection policies applied and can be managed by Intune.

A. No adjustment required Explanation: The underlined segment states that you should use Intune App Protection to prevent employees from copying corporate information to their personal OneDrive folders. This is accurate. https://learn.microsoft.com/en-us/mem/intune/apps/app-protection-policy

Intune App Protection policies allow you to control how data is accessed and shared by apps on mobile devices, including preventing data from being copied to unmanaged or personal storage locations. Information Rights Management (IRM) is primarily used to protect sensitive information by applying encryption and access controls to documents and emails. While IRM can help prevent unauthorized access and sharing of protected content, it does not specifically provide the capability to prevent users from copying data to personal OneDrive folders

A. No adjustment required: This answer is incorrect because Intune App Protection is not specifically designed to prevent data from being copied to personal OneDrive accounts. C. Microsoft Azure AD Privilege Identity Protection: This solution relates to the management of privileged identities and has nothing to do with protecting data in personal OneDrive folders. D. Microsoft Azure AD Identity Protection: This solution focuses on detecting and managing security risks related to identities but is not directly aimed at protecting corporate data in personal cloud services like OneDrive. Therefore, B. Information Rights Management is the correct answer.

Here's the answer: https://learn.microsoft.com/en-us/mem/intune/apps/app-protection-policy

The underlined segment is accurate. Intune App Protection Policies (APP) can be used to restrict data movement between applications, including preventing the copying of corporate information to personal OneDrive folders. This ensures that corporate data remains secure and is not transferred to unauthorized locations. Therefore, the correct answer is: A. No adjustment required

Para garantir que os funcionários sejam proibidos de copiar informações corporativas para suas pastas pessoais do OneDrive, a opção mais apropriada é a "Gestão de Direitos de Informação" (IRM - Information Rights Management). O IRM permite aplicar políticas que controlam como as informações são usadas e protegidas, incluindo a prevenção de cópia não autorizada de conteúdo corporativo.

I think the correct answer is: A Information Rights Management (IRM) is when you want to protect sensitive Orgs data (for example encrypt some files or emails) so that if they are outside your Org they are still protected. When we talk about personal devices and data protection more relevant answer is "Intune app protection".

The part for me which doesn't add up is the question didn't state that they have Intune enrolled devices. We're assuming Intune is managing devices, but the question didn't state that as a fact or not. I don't like to assume

The answer is B.

Intune is the answer

Confusing question. Probably is Intune due to accessing cloud. Just i think as SP online as being in cloud and so would use "Information Rights Management", but i would hope it would state SP in question, so intune.

respuesta A https://docs.microsoft.com/en-us/intune/app-protection-policy

Intune App Protection can be used to prevent employees from copying corporate information to their personal OneDrive folders. This is achieved through the use of policies that restrict the sharing and saving of data, preventing sensitive corporate data from being stored on personal devices or cloud services. Therefore, no adjustment is required.

Intune App Protection can be used to prevent employees from copying corporate information to their personal OneDrive folders. This is achieved through the use of policies that restrict the sharing and saving of data, preventing sensitive corporate data from being stored on personal devices or cloud services. Therefore, no adjustment is required.

its most likely A

The correct feature to prevent employees from copying corporate information to their personal OneDrive folders is Information Rights Management (IRM) in conjunction with Intune App Protection.