🔥 3-day streak
Microsoft Cybersecurity Architect Expert108 / 158
Question 108 of 158

A financial services firm allows employees to use several sanctioned SaaS applications (including a marketing analytics platform) that are accessed through the browser. The security architect must ensure that when a user attempts to download a file containing customer credit card numbers from any of these SaaS apps to an unmanaged personal device, the download is blocked in near real time — even though the file resides in a third-party SaaS store, not in Microsoft 365. Sensitivity labeling and Microsoft 365 DLP policies are already deployed for SharePoint, OneDrive, and Exchange. Which solution should the architect design to enforce this control?

Reviewed for accuracy · Report an issueNext question