Microsoft 365 Fundamentals — Question 17

You deploy Enterprise Mobility + Security E5 and assign Microsoft 365 licenses to all employees.
Employees must not be able to share documents or forward emails that contain sensitive information outside the company.
You need to enforce the file sharing restrictions.
What should you do?

Answer options

• A. Use Microsoft Azure Information Protection to define a label. Associate the label with an Azure Rights Management template that prevents the sharing of files or emails that are marked with the label.
• B. Create a Microsoft SharePoint Online content type named Sensitivity. Apply the content type to other content types in Microsoft 365. Create a Microsoft Azure Rights Management template that prevents the sharing of any content where the Sensitivity column value is set to Sensitive.
• C. Use Microsoft Azure Information Rights Protection to define a label. Associate the label with an Active Directory Rights Management template that prevents the sharing of files or emails that are marked with the label.
• D. Create a label named Sensitive. Apply a Data Layer Protection policy that notifies users when their document contains personally identifiable information (PII).

Correct answer: A

Explanation

The correct answer is A because using Microsoft Azure Information Protection to create a label and associating it with an Azure Rights Management template effectively enforces sharing restrictions for sensitive information. Option B is incorrect as it relies on SharePoint content types, which do not directly enforce sharing restrictions. Option C is also wrong because it mentions Active Directory Rights Management instead of Azure Rights Management. Option D focuses on notification rather than prevention of sharing, making it insufficient for the requirements.