Communication Compliance, IRM and Priva

Question 1

With which systems is Communication Compliance compatible?

Answer 1

Teams, Exchange, Viva and third-party sources

Question 2

What is the purpose of Communication Compliance?

Answer 2

To ensure users communicate appropriately according to corporate policies, risk management and/or regulatory compliance such as FINRA

Question 3

What are the 6 policy templates when creating a communication compliance policy?

Answer 3

Detect inappropriate text/image/content
Detect SIT
Detect financial regulatory compliance
Detect conflict of interest
Detect Copilot interactions
Custom

Question 4

What are the steps when creating a Communication Compliance policy?

Answer 4

1) Template
2) Users/groups and reviewers
3) Locations
4) Communication direction
5) Conditions
6) OCR ON/OFF
7) Review percentage
8) Filter email blast ON/OFF

Question 5

In which Purview solutions can cases can be escalated to an eDiscovery cases?

Answer 5

Communication Compliance
Insider Risk Management

Question 6

Which Purview solution can only be created in the portal and not in PowerShell?

Answer 6

Communication Compliance
Insider Risk Management
Privacy Risk Management
Data Subject Request
Trainable Classifiers

Question 7

Which portal should you use to disable the “Report inappropriate” option (which is enabled by default)?

Answer 7

Teams Admin Centre

Question 8

What are the two possible role groups that reviewers of Communication Compliance need to be assigned to?

Answer 8

Communication Compliance Analysts
Communication Compliance Investigators

Question 9

If you select a distribution list when creating a Communication Compliance policy, are the individual mailboxes of the members being scanned?

Answer 9

Yes

Question 10

Which Purview solutions require auditing to be turned on?

Answer 10

Sensitivity labels
Communication Compliance
Insider Risk Management
Information Barrier

Question 11

What are two functionalities that you can use to reduce the amount of alerts?

Answer 11

Filter
Duplicate analysis

Question 12

What are the possible remediation actions for a communication compliance alert?

Answer 12

Resolve
False Positive
Notify
Escalate to ediscovery case

Question 13

What are some uses cases for Insider Risk Management?

Answer 13

Insider trading
Regulatory compliance violation
Data leakage
IP theft

Question 14

What is the workflow for Insider Risk Management?

Answer 14

1. Define policies
2. Review and triage alerts
3. Assign alerts to a case
4. Investigate from case dashboard
5. Escalate the case into a eDiscovery Premium case or with a SIEM service via the API

Question 15

What are the steps when creating an IRM policy?

Answer 15

Select template
Select Users/Groups
Content to prioritize (optional) based o location/classification
Triggering Event (e.g., DLP policy)
Indicators
Threshold before alert is triggered

Question 16

Which technologies does the Insider Risk Management reply on?

Answer 16

Microsoft Graph (API to access data from different systems)
Security services
Connector to HR services

Question 17

What are the two policy templates available in IRM?

Answer 17

1) Data theft by departing users
2) Data leaks + by risk/priority users
3) Security policy violations + by departing/risky/priority users
4) Health record misuse
5) Risk browser usage

Question 18

What should you do if you want to anonymize users in the alerts generated by IRM policies?

Answer 18

This is configured in the IRM general settings, that apply to all IRM policies, similar as policies timeframe and file type exclusions

Question 19

How long does it take for audit to be effective after being turned on?

Answer 19

60 minutes

Question 20

Which role group is able to create, read, update, delete IRM policies, settings and role group assignments?

Answer 20

IRM Admin

Question 21

Which role group is able to access IRM alerts, cases and notice templates but not content search?

Answer 21

IRM Analyst

Question 21

Which role group is able to access IRM alerts, cases and notice templates and content search?

Answer 21

IRM Investigator

Question 21

What is the difference between the IRM Analyst and IRM Investigator role groups?

Answer 21

They can both access alerts, cases and notice templates, but only the Investigator can access content search

Question 22

What is one requirements before creating a IRM policy?

Answer 22

Turn on indicators

Question 22

What are the possible status for an IRM alert?

Answer 22

Confirmed Dismissed Needs Review Resolved

Question 22

Is it possible to customize alert risk scores?

Answer 22

No

Question 22

Which role groups are assigned as permanent contributors by default to IRM cases?

Answer 22

IRM Analyst IRM Investigator

Question 22

What are the two types of contributors to an IRM case?

Answer 22

Permanent Temporary (can be added by the Permanent ones)

Question 23

What are the two roles that can access Content Explorer inside IRM and how are they different

Answer 23

Content Explorer List View (can only see the list of items and location) Content Explorer Content View (can also access the actual content)

Question 23

What are the possible resolution status a IRM case can take?

Answer 23

Benign Confirmed policy violation

Question 24

What is Forensic Evidence functionality?

Answer 24

It enables visual activity capturing across devices

Question 25

What is the volume limitation of captured clips using Forensic evidence?

Answer 25

20GB

Question 26

Which Purview functionality requires dual authorization?

Answer 26

Forensic capture as part of IRM

Question 27

Which role group approves requests to use Forensic capture?

Answer 27

IRM Approver

Question 28

What are the steps to take before being able to enable Forensic evidence content capturing? (6)

Answer 28

1) Confirm subscription (special subscription on top of E5) 2) Add compliancedrive.microsoft.com to allow list of firewall 3) Configure devices (onboard devices and have Purview client installed) 4) Define settings eg. bandwidth 5) Create a policy i.e., scope of capture 6) Dual authorization

Question 29

Which roles submit a request for Forensic evidence content capture?

Answer 29

IRM and IRM Admin

Question 30

What is Device Health Report?

Answer 30

It monitors health and status of devices configured for forensic evidences

Question 31

Which M365 service is not supported by Information Barrier, and what should you use instead?

Answer 31

Exchange, you should use mail flows

Question 32

What are segments in Information Barrier?

Answer 32

Set of groups or users defined using user account attributes such as job title, team, location

Question 33

How many segments can an organization define?

Answer 33

1000

Question 34

How many segments can one user be assigned to?

Answer 34

One unless you are in multiple-segment mode, then it is 10

Question 35

What are the modes that a Teams can take in Information Barrier?

Answer 35

Open Implicit Owner Moderated

Question 36

What are the modes that a OneDrive can take in Information Barrier?

Answer 36

Open Owner Moderated Explicit Inferred

Question 37

What are the modes that a SharePoint site can take in Information Barrier?

Answer 37

Open Implicit Owner Moderated Explicit

Question 38

What is the Open mode for Information Barrier? (Segment associated, sharing files and adding users)

Answer 38

When there are no associated segments, hence no IB applicable. This is the default for Teams/OD/SP created before enabling IB. Segments: None and cannot be added Sharing files: per the IB policy of the user Adding user: any

Question 39

What is the Inferred mode for Information Barrier? (Segment associated, sharing files and adding users)

Answer 39

Segments associated: User's segment and other segments that are compatible with the user's segment and with each other. The Admin cannot associated any other. Sharing files: Users whose segment match that of the site and unsegmented users Adding users: N/A

Question 40

What is the Implicit mode for Information Barrier? (Segment associated, sharing files and adding users)

Answer 40

Segments associated: User segment and no other can be added Sharing files: Existing members Adding users: SP: only possible in Teams and Teams: if compatible

Question 41

What is the Owner Moderated mode for Information Barrier? (Segment associated, sharing files and adding users)

Answer 41

Segments associated: None and cannot be associated Sharing files: Per the owner IB policy and for SharePoint with existing members Adding users: Per the owner IB policy and for SharePoint with existing members

Question 42

What is the Explicit mode for Information Barrier? (Segment associated, sharing files and adding users)

Answer 42

Segments associated: User's segment and for OneDrive: other segment compatible with the user's and with each other. The admin can add other compatible segments. Sharing files: Users whose segments match that of the site Adding users: Users whose segments match that of the site

Question 43

Does Information Barrier support one-way blocking?

Answer 43

No

Question 44

What are the pre-requisite for the use of Information Barrier? (4)

Answer 44

1) Make sure that your organization's structure is reflected in directory data 2) Enable scoped directory search in Microsoft Teams 3) Enable auditing 4) Provide administrator consent for Microsoft Teams by running some commands in Powershell

Question 45

How many IB policies can one segment have?

Answer 45

One

Question 46

What is the name of the service that determines whether a communication complies with IB policies?

Answer 46

Information Barrier Policy Evaluation Service

Question 47

What is the PowerShell command to enable IB for SharePoint and OneDrive?

Answer 47

run Set-SPOTenant -InformationBarrierSuspension $false

Question 48

What should you pay attention to when associating segments to OneDrive?

Answer 48

If you associate a segment to OneDrive of non-segmented users, they will lose access to their own OneDrive

Question 49

What is the PowerShell command to set a segment to a SharePoint or OneDrive?

Answer 49

Set-SPOSite -Identity -AddInformationSegment

Question 50

How many segments can be assigned to a SharePoint site?

Answer 50

Max 100

Question 51

What are the three types of policies in Priva Privacy Risk Management?

Answer 51

Data overexposure Data transfer policies Data minimisation

Question 52

What is the purpose of the data minimisation policy of Priva?

Answer 52

To identify and reduce the amount of unused personal data in the organisation

Question 53

What are the two functionalities of Microsoft Priva?

Answer 53

Privacy Risk Management Data Subject Request

Question 54

What does the Data overexposure policy of Priva relies on?

Answer 54

1) Classification groups (that are groups of SITs) 2) SITs or trainable classifiers

Question 55

What are the minimum pieces of information you need to have to initiate a DSR?

Answer 55

First name Last name Email address

Question 56

How many days back does the Privacy Risk Management looks for?

Answer 56

30 days

Question 57

What are the steps to create a Privacy Risk Management policy?

Answer 57

Template Data (based on SIT, trainable classifiers or classification groups) Users/Groups Locations Conditions Outcome Alert Mode (test/real)

Question 58

What are the status that a Privacy Risk Management policy can take?

Answer 58

On, Off and Testing

Question 59

When creating a Privacy Risk Management policy, what is the only location where you can select specific places within this location?

Answer 59

SharePoint, where you can specify the sites

Question 60

How long does it take for insights to appear on the "Overview" tab of Privacy Risk Management after turning on a policy?

Answer 60

Up to 48h

Question 61

What are possible remediation actions for a Privacy Risk Management issue? (6)

Answer 61

Notify the owner Apply retention label Apply sensitivity label Mark as not match Delete (for Data Minimisation policy issues) Make private (for Data Transfer and Overexposure policy issues)

Question 62

What can you do with Privacy Risk Management alerts?

Answer 62

Create an issue out of

Question 63

What are the benefits of turning a Privacy Risk Management alert into an issue?

Answer 63

1) Review data, 2) remediate the issue, 3) add people as collaborators

Question 64

What are three ways to share a Privacy Risk Management issue with additional collaborators?

Answer 64

1) Secure Teams channel 2) Email 3) Link to the issue in Priva

Question 65

What are the four types of DSR?

Answer 65

1) Access (summary of the data subject’s personal information held by your organization) 2) Export 3) Get items that were tagged as follow-up during review process 4) Delete

Question 66

What is the workflow for DSR?

Answer 66

1) Create a search 2) Data estimate is generated in the "Data estimate" card in "Overview" 3) Data retrieval is performed 4) Review data from the "Data collected" tab 5) Generate a report 6) Download the reports from the "Reports" tab and share with data subject 7) Close

Question 67

For which reasons would you pause the DSR process between the data estimate and retrieval? (2)

Answer 67

1) If you defined this as part of settings 2) If the estimate yields more than 300K items or 300 GB of data,

Question 68

Where is the result of data retrieval as part of DSR being stored?

Answer 68

Azure Blob Storage container

Question 69

What can you do as part of the review of retrieved data in a DSR?

Answer 69

1) Import additional files 1) Mark items as to Include or Exclude 3) Tag items as Follow-up, Delete or Update 4) Redact data not linked to the data subject on documents containing data of multiple data subjects (e.g., add black boxes)

Question 70

What are the limitations when important additional files to a review set of a DSR?

Answer 70

Files must be less than 500MB each Only one import at the time per user

Question 71

What is being created along with the data collection in a DSR?

Answer 71

A Teams channel, to facilitate the content review

Question 72

What is the suffit being added to redacted documents as part of DSR?

Answer 72

_burn.pdf

Question 73

How long does it take for DSR reports to be generated?

Answer 73

Up to 30min

Question 74

What does the generated DSR reports contain (in addition to the actual data)? (3)

Answer 74

1) Extracted text fields 2) Export load files (original file names, because the files are renamed to help protect personal data) 3) Summary

Question 75

What is the default retention period for DSR reports in Azure?

Answer 75

30 days from request closure

Question 76

What is the main difference between PAM in Purview and in Azure?

Answer 76

In Purview it is a task level In Entra is it a role level

Question 77

What is the default duration of granted access in PAM following just-in-time concept?

Answer 77

4 hours

Question 78

What is the validity of an access request after submission?

Answer 78

24h

Question 79

What is the PAM process?

Answer 79

1) Create approver group 2) Enabled PAM with the default approver group 3) Create an access policy 4) Submit access policy request 5) Approving the access policy request?

Question 80

Where does the PAM process take place?

Answer 80

In O365 Admin Centre

Question 81

What is the purpose of Customer Lockbox?

Answer 81

It ensures that Microsoft engineers cannot access organization data without explicit approval by Microsoft manager and the customer

Question 82

What is the maximum duration of access granted to Microsoft engineers via Customer Lockbox?

Answer 82

4 hours

Question 83

What is the default duration of a Customer Lockbox request?

Answer 83

12 hours

Question 84

What is Adaptive Protection?

Answer 84

A preview feature that uses ML to identify and mitigate most critical risks. It allows the detection of "risky" users, than can the be used to fine-tune DLP and IRM policies.