🔥 3-day streak
Microsoft Information Security Administrator47 / 84
Question 47 of 84
Contoso wants its Insider Risk Management policies to detect when a user copies sensitive files to a USB removable device or uploads them to an unsanctioned cloud service. The security team confirms Microsoft Defender for Endpoint is deployed to all managed workstations. After creating a Data Theft policy, the analyst notices that USB and cloud-upload activities are not appearing as detected indicators. What must the analyst configure to enable these device-based signals in Insider Risk Management?
Reviewed for accuracy · Report an issueNext question