Skip to Content

Microsoft SC-400: How to Exclude a Folder from Endpoint DLP Monitoring in Microsoft 365?

By: Author Alex Lim

Posted on

Categories Exam

Learn how to prevent specific folders from being monitored by Endpoint data loss prevention policies in Microsoft 365. Follow these step-by-step instructions.

Table of Contents

Question

Use the following login credentials as needed:

To enter your username, place your cursor in the Sign in box and click on the username below.

To enter your password, place your cursor in the Enter password box and click on the password below.

Microsoft 365 Username: [email protected]
Microsoft 365 Password: **********

If the Microsoft 365 portal does not load successfully in the browser, press CTRL-K to reload the portal in a new browser tab.

The following information is for technical support purposes only:

Lab Instance: 12345678

You plan to implement Endpoint data loss prevention (Endpoint DIP) policies for computers that run Windows.

Users have an application named App1 that stores data locally in a folder named C:\app1\data.

You need to prevent the folder from being monitored by Endpoint DIP.

To complete this task, sign in to the appropriate admin center.

Answer

To exclude the C:\app1\data folder from being monitored by Endpoint data loss prevention (DLP) policies:

  1. Sign in to the Microsoft 365 Compliance admin center at https://compliance.microsoft.com using the provided admin credentials ([email protected]).
  2. In the left navigation pane, click on “Data loss prevention” and then select “Endpoint DLP”.
  3. Click on the Endpoint DLP policy that you want to modify, or create a new policy if needed.
  4. Under “Locations”, click on “Edit” next to “Excluded folders”.
  5. In the “Excluded folders” pane that appears on the right, click “Add folder path”.
  6. Enter “C:\app1\data” in the folder path field and click “Add”. This specifies that the App1 data folder should be excluded from DLP monitoring.
  7. Click “Done” to close the Excluded folders pane.
  8. Review your settings and then click “Save” to update the Endpoint DLP policy.

Once the policy is saved and applied, the C:\app1\data folder will no longer be monitored by Endpoint DLP on devices where the policy is deployed. Files in that location will be able to be shared and modified without triggering any DLP policy actions.

It’s important to carefully consider which folders to exclude to ensure sensitive data is still adequately protected. Folder exclusions should be limited to only what is necessary for applications to function properly.

Explanation

Microsoft SC-400 certification exam assessment practice question and answer (Q&A) dump including multiple choice questions (MCQ) and objective type questions, with detail explanation and reference available free, helpful to pass the Microsoft SC-400 exam and earn Microsoft SC-400 certification.