DECK 3 Flashcards
Office file types that support sensitivity labels are .docx and .xlsx
Office versions requiring an add-in for sensitivity labels are Office 2016 and….
Sensitivity labels aren’t visible in apps to users in other orgs or guest
Documents and emails can have both a sensitivity label and a…
-Office 2019
-retention label
Among others, sensitivity labels can encrypt an email, apply watermarks, and be used to….
Labels need scopes, such as what apps/services the label can be used for.
Labels need priorities. Lowest restrictive is at top, most restrictive is at bottom
-allow some to mod a document while others can only read.
Sublabels are what the user chooses. If a label has a sublabel, the parent label…
Label policies need to be created after making label.
-……records prevent an item from being deleted, even by global admins
-can’t be chosen
-regulatory
Content CANNOT be defined for Exchange in you DLP policy if you choose….
-retention labels
SENSITIVITY LABELS
On the DLP chart, what is the only content that CANNOT be defined by a sensitivity label?
On the DLP chart, only sharepoint and one drive has content that can be defined by a… label
https://learn.microsoft.com/en-us/purview/dlp-policy-reference#location-support-for-how-content-can-be-defined
-Teams
Retention
Mail enabled security, security, and 365 groups can all be used to assign the Endpoint Security Manager role
If you are a user admin SPECIFICALLY for a group/admin unit, you can only reset the passwords of that unit.
Signing users out for inactivity is found in…settings.
Intergrating tools (support integration) is found in Org settings
Devices that match more than 1 group take on which group?
Privacy/security
Highest ranked
Global AND Security admins can turn on RBAC
Windows 10 and later and Server 2019 and later can do discovery
….discovery allows onboarded devices in Defender for Endpoint to PASSIVELY (NO NETWORK TRAFFIC) discover unmanaged devices
standard discovery uses a little net traffic to probe devices to ENRICH data found from basic discovery.
Discovery can be turned off
Use local scripts to onboard MacOS devices in INTUNE
Licenses can be assigned to ANY security group, including…
When creating reports, you can choose the columns for different apps or services
-M365 groups that are security enabled
Entra Connect Health needs to be installed on ALL on premises servers. It monitors health of servers. What license do you need?
Only fully setup domains can receive inbound emails. But, fully setup domains and domains with….
can have usernames added
-Teams files are stored in…
-P1
-incomplete services
-sharepoint
To view stats on teams storage usage you must go to Sharepoint site usage report
Changing primary domain WONT change usernames of existing users
Verifying a root domain automatically verifies what?
-sub domains (but each subdomain needs enterpriseregristation DNS records)
Can’t delete custom domains if ANY resource in ORG relies on it. Also, best to use a global admin account that uses either the default domain (onmicrosoft.com) OR…
Set-AzureADDomain= updates a domain
New-AzureADDomain=creates a domain
….-AzureADDomainName Reference= retrieves objects that are referenced by a given domain name
-different custom domain
-Get
Azure monitor workbooks support KQL and retain reports for a year.
it is found in Azure portal > monitor> workbooks
Standard roles with access to the workbooks are Monitoring Reader and…
-Monitoring Contributor
Endpoint Analytics is part of adoption score. They give…
Devices can enroll in Endpoint via Configuration Managment or…
Windows 10 1903 or later and July 2021 cumulative updated are needed for Endpoint
-insight on user experience
-Intune