What should you recommend?

Topic 2, Litware Case Study

Overview

Existing Environment

On-premises Infrastructure

The network contains an Active Directory forest named litwareinc.com that contains a child domain for each region.

All domain controllers run Windows Server 2012. The main office sync identities to Microsoft Azure Active Directory (Azure AD) by using Azure AD Connect. All user accounts are created in the on-premises Active Directory and sync to Azure AD.

Each office contains the following servers and client computers:

– A domain controller that runs Windows Server 2012

– A file server that runs Windows Server 2012

– Client computers that run Windows 10

Currently, all content created by users is stored locally on file servers.

Cloud Infrastructure

Litware is moving the content from the file server to Microsoft Office 365. The company purchases 4, 500 Microsoft 365 E5 licenses. Litware uses Microsoft Exchange Online for email.

Problem Statements

Litware identifies the following issues:

– Finding content and people within the organization is difficult

– Users cannot access company data from outside the corporate network

– Content recovery is slow because all the content is still on-premises

– Data security is compromised because users can copy company content to USB drives

– The locally stored content is not classified as confidential and users can email documents to

external people

– Users must frequently contact the HR department to find employees within the organization who have relevant skills

– Users can delete content indiscriminately and without recourse as they have full control of the content on the file servers

Requirements

Business Goals

Litware identities the following strategic initiatives to remain competitive:

– All content must be stored centrally

– Access to content must be based on the user’s

– Users must be able to work on content offline

– Users must be able to share content externally

– Content must be accessible from mobile devices

– Content classifications must include a physical location

– Content must be retained and protected based on its type

– Litware must adhere to highly confidential regulatory standards that include:

– Users must be able to search for content and people across the entire organization

– Content classification metadata must adhere to naming conventions specified by the IT department

– Users must be able to access content quickly without having to review many pages of search results to find documents

– Security rules must be implemented so that user access can be revoked if a user share confidential content with external users

Planned Changes

Litware plans to implement the following changes:

– Move all department content to Microsoft SharePoint Online

– Move all user content to Microsoft OneDrive for Business

– Restrict user access based on location and device

Technical Requirements

Litware identifies the following technical requirements:

– All on-premises documents (approximately one million documents) must be migrated to the SharePoint document library of their respective department

– Each department must have its own term store group. Stakeholders must be notified when term sets are moved or deleted

– All the OneDrive content a user must be retained for a minimum of 180 days after the user has left the organization

– All external users must be added explicitly to Office 365 groups to give the users access to SharePoint team sites

– Office 365 groups must be used as the primary membership service for Microsoft Yammer, Teams, and SharePoint

– A user named Admin1 must be allowed to consume apps in the App Catalog and to add additional app licenses

– Viewers must be prevented from printing documents that are stored in a modern site named Finance

– Users must be prevented from printing content accessed in OneDrive form iOS and Android devices

– Retention, protection, and security policies must be implemented for all content stored online

– All offices must use the Managed Metadata Service to classify documents uploaded to SharePoint

– The Azure Information Protection client must be deployed to all domain-joined computers

– Searches must show results only when the result set is complete

– OneDrive must be used to work with documents offline

– Solutions must use the principle of least privilege whenever possible

You need to recommend a solution for the documents stored in the Finance site.

What should you recommend?
A . Enable Azure Information Protection policy labeling
B . For each library, enable sensitivity labeling that uses protection
C . Enable an Information Rights Management (IRM) policy for the libraries
D . From Settings in the SharePoint admin center, enable Information Rights Management (IRM) for SharePoint Online

View Answer

Answer: B

Explanation:

Scenario: The locally stored content is not classified as confidential and users can email documents to external people

Apply Azure Information Protection to protect files in a highly confidential SharePoint Online team site. Configure Azure Information Protection with a new scoped policy and sub-label for protection and permissions of your highly confidential SharePoint Online team site.

Note: Details:

References: https://docs.microsoft.com/en-us/office365/securitycompliance/protect-sharepoint-online-files-with­azure-information-protection