Exam SC-100 topic 4 question 11 discussion

Sensitivity labels classify PHI. DLP uses those labels to prevent it from leaving the protected environment.

DLP all the way. When you create Labels under DLP you can configure them not to share with people outside of the company.

To prevent Protected Health Information (PHI) from being shared outside the company, particularly within Microsoft Teams, Exchange Online, SharePoint Online, and OneDrive, you should recommend using: B. Data Loss Prevention (DLP) policies Data Loss Prevention policies in Microsoft 365 can help you identify and protect sensitive information like PHI across various applications. These policies can be configured to detect when PHI is being shared and take appropriate actions, such as blocking the sharing or notifying administrators. DLP policies are specifically designed to prevent the accidental or intentional leakage of sensitive data.

To prevent protected health information (PHI) from being shared outside the company in a Microsoft 365 E5 environment, you should recommend: B. Data Loss Prevention (DLP) policies Data Loss Prevention policies in Microsoft 365 are specifically designed to prevent sensitive information, such as PHI, from being shared or leaked outside the organization. You can create DLP policies that scan content in Microsoft Teams, Exchange Online, SharePoint Online, and OneDrive, and then take actions like blocking sharing, encrypting emails, or notifying administrators when a policy violation occurs. This helps ensure that PHI is handled in accordance with compliance and security requirements. Sensitivity label policies (option A) can be used to classify and protect documents, but they may not provide the same level of control over data sharing as DLP policies.

B" should be the answer (DLP policies)

B is the answer. https://learn.microsoft.com/en-us/microsoft-365/compliance/dlp-learn-about-dlp?view=o365-worldwide Organizations have sensitive information under their control such as financial data, proprietary data, credit card numbers, health records, or social security numbers. To help protect this sensitive data and reduce risk, they need a way to prevent their users from inappropriately sharing it with people who shouldn't have it. This practice is called data loss prevention (DLP). In Microsoft Purview, you implement data loss prevention by defining and applying DLP policies. With a DLP policy, you can identify, monitor, and automatically protect sensitive items across: - Microsoft 365 services such as Teams, Exchange, SharePoint, and OneDrive accounts

The sensitivity label policy is about who has access and how to access the files. DLP is about whether files can be shared and how they are shared.

Sensitivity labels can be scoped to enforce encryption on domain scope so it's enough.

DLP sounds correct

ABsolutely B. Labels simply categorise, they do not prevent labelled data from being shared. Only DLP policies makes that possible.

I recommend using data loss prevention (DLP) policies to prevent protected health information (PHI) from being shared outside the company. DLP policies in Microsoft 365 allow you to identify, monitor, and protect sensitive information, such as PHI, within your organization. You can create DLP policies that identify PHI within stored documents and communications and then set rules to prevent the PHI from being shared outside the company. For example, you can create a DLP policy that blocks emails containing PHI from being sent to external recipients, or that prevents documents containing PHI from being shared outside the organization. Sensitivity label policies allow you to classify and protect sensitive information, but they do not specifically prevent the information from being shared outside the organization. Insider risk management policies are designed to detect and mitigate risks posed by insider threats, but they are not directly related to preventing the sharing of sensitive information. Retention policies allow you to specify how long certain types of information should be retained, but they do not prevent the sharing of sensitive information.

DLP is the right answer

B. data loss prevention (DLP) policies Most Voted because PREVENT ..

DLP policies

It is certainly DLP policies. https://docs.microsoft.com/en-us/microsoft-365/compliance/create-test-tune-dlp-policy?view=o365-worldwide

DLP is the correct Answer

DLP Policies