You have a Microsoft 365 tenant.
You have a database that stores customer details. Each customer has a unique 13-digit identifier that consists of a fixed pattern of numbers and letters.
You need to implement a data loss prevention (DLP) solution that meets the following requirements:
Email messages that contain a single customer identifier can be sent outside your company.
Email messages that contain two or more customer identifiers must be approved by the company's data privacy team.
Which two components should you include in the solution? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.
You have a Microsoft 365 E3 subscription.
You plan to audit all Microsoft Exchange Online user and admin activities.
You need to ensure that all the Exchange audit log records are retained for one year.
What should you do?
Your network contains an on-premises Active Directory domain named contoso.local that has a forest functional level of Windows Server 2008 R2.
You have a Microsoft 365 E5 subscription linked to an Azure Active Directory (Azure AD) tenant named contoso.com.
You plan to install Azure AD Connect and enable single sign-on (SSO).
You need to prepare the domain to support SSO. The solution must minimize administrative effort.
What should you do?
You have an Azure Active Directory (Azure AD) tenant that contains the users shown in the following table.
You configure the Security Operator role in Azure AD Privileged Identity Management (PIM) as shown in the following exhibit.
You add assignments to the Security Operator role as shown in the following table.
Which users can activate the Security Operator role?
You create an Azure Sentinel workspace.
You configure Azure Sentinel to ingest data from Azure Active Directory (Azure AD).
In the Azure Active Directory admin center, you discover Azure AD Identity Protection alerts. The Azure Sentinel workspace shows the status as shown in the following exhibit.
In Azure Log Analytics, you can see Azure AD data in the Azure Sentinel workspace.
What should you configure in Azure Sentinel to ensure that incidents are created for detected threats?