SC-401 Question #217: Real Exam Question with Answer & Explanation

Question

You have a Microsoft 365 E5 subscription. You plan to create an exact data match (EDM) classifier named EDM1. You need to grant permissions to hash and upload the sensitive information source table for EDM1. What should you create first?

Options

• Aa Microsoft 365 group named EDM_DataUploaders
• Ba Microsoft Entra enterprise application named EDM_DataUploaders
• Ca Microsoft Entra app registration named EDM_DataUploaders
• Da Microsoft Purview role group named EDM_DataUploaders
• Ea security group named EDM_DataUploaders

Explanation

To grant permissions for hashing and uploading an EDM sensitive data table, you must first create a security group that will be added to the built-in EDM_DataUploaders role group in Microsoft Purview.

Common mistakes.

• A. A Microsoft 365 group is not the appropriate group type for EDM permissions - Microsoft documentation specifically requires a security group or mail-enabled security group for this role.
• B. A Microsoft Entra enterprise application is used for service-principal-based application access and is not part of the EDM data upload permission model.
• C. A Microsoft Entra app registration is an application identity construct used for OAuth authentication, not for granting human users permissions to hash and upload EDM source tables.
• D. The EDM_DataUploaders role group already exists as a built-in role group in Microsoft Purview and does not need to be created - only members need to be added to it.

Concept tested. EDM classifier data uploader permissions and role group setup

Reference. https://learn.microsoft.com/en-us/purview/sit-get-started-exact-data-match-based-sits-overview

No community discussion yet for this question.