A healthcare organization uses Microsoft Purview to protect patient health information (PHI). They need to identify sensitive data stored in Microsoft SharePoint Online and prevent unauthorized sharing. Which two Purview solutions should they implement? (Select all that apply.)
Trap 1: Insider Risk Management
Insider Risk Management analyzes user activities for potential data exfiltration but does not directly classify or control sharing.
Trap 2: Communication Compliance
Communication Compliance monitors emails and Teams messages for policy violations like harassment, not for data classification or DLP.
- A
Data Classification
Data Classification (including automatic sensitivity labeling) helps identify and label PHI content in SharePoint Online.
- B
Data Loss Prevention (DLP)
DLP policies can detect and prevent unauthorized sharing of files containing PHI, such as through external sharing links.
- C
Insider Risk Management
Why wrong: Insider Risk Management analyzes user activities for potential data exfiltration but does not directly classify or control sharing.
- D
Communication Compliance
Why wrong: Communication Compliance monitors emails and Teams messages for policy violations like harassment, not for data classification or DLP.