Exam SC-400 topic 1 question 26 discussion

As this is a single choice question, based on https://docs.microsoft.com/en-us/microsoft-365/compliance/revoke-ome-encrypted-mail?view=o365-worldwide#how-to-revoke-an-encrypted-message-as-an-administrator A is the first step to perform.

Terrible question. B would be correct. https://docs.microsoft.com/en-us/microsoft-365/compliance/revoke-ome-encrypted-mail?view=o365-worldwide#how-to-revoke-an-encrypted-message-as-an-administrator Get the Message ID of the email. Verify that you can revoke the message. Revoke the mail. It's not asking what to do first, but prevent user from accessing the email. A is the first step, but doesn't prevent user from accessing. B revokes the message. C is what the user, not what you would do. D is about compliance E is user, not admin.

None is correct.... You can't revoke an encrypted message which is sent to an office account, only revocation from social mailboxes such gmail will work.... Ref: https://learn.microsoft.com/en-us/entra/identity/users/groups-assign-sensitivity-labels?tabs=microsoft#sensitivity-labels-arent-available-for-assignment-on-a-group Quote: "You can revoke a mail that you sent to a single recipient that uses a social account such as gmail.com or yahoo.com. In other words, you can revoke an email sent to a single recipient that received the link-based experience. You cannot revoke a mail that you sent to a recipient that uses a work or school account from Microsoft 365 or a user that uses a Microsoft account, for example, an outlook.com account."

The message revocation feature isn’t that a Advance Message Encryption feature that’s not available in OME ?

Step 1: Run the Message Trace first and capture Message ID Step 2 : Set-OMEMessageRevocation -"MessageId " -Revoke $true Tricky

hot take use new-compliance search and do a hard delete of the result there u go mail just went houdini

In the question, it says contoso.com alreasy uses OME. In order to prevent fabrikam.com user to reach emails sent by user1 in contoso, you can use following cmdlet. Set-OMEMessageRevocation -MessageId "<d96****4c-127b-4**a-ae2e-fa7df****[email protected]>" -Revoke $true So, do you know all MessagID information by yourself? :) No, you need to find it to be able use above cmdlet. As a part of progress, you need to start with get message trace in order to find Mail ID's (for all emails was sent to user2 in fabrikam.com by user1 in contoso.com domain in order to be able use Set-OMEMessageRevocation -MessageId <message-id> :) Isn't it clear?

Hello, Please read the question. It says<You need to prevent [email protected] from accessing the email.> Correct is B

IN EXAM OCTOBER 18TH 2023

The correct answer is B. Run the Set-OMEMessageRevocation cmdlet. To prevent [email protected] from accessing the email that was mistakenly sent by User1, you can use the Set-OMEMessageRevocation cmdlet. This cmdlet is used to revoke access to encrypted messages sent with Office 365 Message Encryption (OME). By running the Set-OMEMessageRevocation cmdlet, you can specify the recipient's email address ([email protected]) and revoke their access to the email. This will prevent them from being able to open or view the encrypted email. Please note that this solution assumes you have administrative access to the Microsoft 365 tenant and the necessary permissions to run the cmdlet.

Verify first if the email is revocable with Get-OMEMessageStatus -MessageId "<message id>" | ft -a Subject, IsRevocable Then revoke the message with Set-OMEMessageRevocation -Revoke $true -MessageId "<messageId>" Check the revocation with Get-OMEMessageStatus again Get-OMEMessageStatus -MessageId "<messageId>" | ft -a Subject, Revoked

Answer is Set-OMEMessageRevocation - However you should note that you can revoke encrypted messages if the recipient received a link-based, branded encrypted email message. If the recipient received a native inline experience in a supported O365/M365/Outlook client, then you can't revoke encryption for the message. https://learn.microsoft.com/en-us/powershell/module/exchange/set-omemessagerevocation?view=exchange-ps

Isnt B supposed to be for Advanced OME? First action should be A

A is the Correct answer. MessageTrace is required to get the Message ID, as explained in the first step: Step 1. Obtain the Message ID of the email identify the Message ID of the email you want to revoke by using "Message Trace". Step 2. Verify that the mail is revocable Get-OMEMessageStatus -MessageId "<message id>" | ft -a Subject, IsRevocable Step 3. Revoke the mail Set-OMEMessageRevocation -Revoke $true -MessageId "<messageId>" To check whether the email was revoked, run the Get-OMEMessageStatus cmdlet as follows: Get-OMEMessageStatus -MessageId "<messageId>" | ft -a Subject, Revoked Ref: https://docs.microsoft.com/en-us/microsoft-365/compliance/revoke-ome-encrypted-mail?view=o365-worldwide#to-identify-the-message-id-of-the-email-you-want-to-revoke-by-using-message-trace-in-the-security--compliance-center

I wrote the exam today, this question was on it, I choose B, scored 890!

Set-OMEMessageRevocation

Looking into this further, my instinct would be to run the get-messagetrace cmdlet first. However, doing this would not stop the user from accessing the email. The question specfically states that YOU need to prevent user2 from accessing the email. As a result of this, we are left with B or E as running the get-messagetrace cmdlet wouldnt actually prevent user2 from accessing the email. E would work, however the question asks YOU to prevent user2 from accessing the email. As a result of what is being asked for here the answer is to run the set-OMEMessageRevocation cmdlet. "Use the Set-OMEMessageRevocation cmdlet to revoke Microsoft 365 Message Encryption (OME) for a message. Revoking encryption prevents the recipient from viewing the message in the Office 365 Message Encryption portal". https://docs.microsoft.com/en-us/powershell/module/exchange/set-omemessagerevocation?view=exchange-ps Therefore, the answer is B - run the Set-OMEMessageRevocation cmdlet.