10.4 Data Loss Prevention
Key Takeaways
- Data loss prevention is the Microsoft Purview answer for scenarios about preventing sensitive information from being shared or exposed inappropriately.
- DLP is different from classification visibility, sensitivity labeling, retention, eDiscovery, and audit.
- SC-900 DLP questions usually contain action verbs such as prevent, block, warn, or reduce risky sharing.
- DLP belongs to the compliance and data governance domain, not the identity, SIEM, or network firewall domains.
Prevention Versus Visibility
Data loss prevention, often shortened to DLP, is a Microsoft Purview topic for helping prevent sensitive information from being shared, exposed, or moved in ways that violate organizational expectations. In SC-900, the most important word is prevention. If the scenario says the organization wants to stop or reduce risky sharing of sensitive data, DLP should be near the top of your answer list.
DLP is not the first tool you choose for every data question. Data classification is about understanding what data exists. Content explorer and Activity explorer provide visibility. Sensitivity labels classify or protect content by sensitivity. Retention controls manage lifecycle and records needs. eDiscovery and audit support search and investigation. DLP is the control that responds to risky movement or exposure patterns.
| Scenario verb | Likely Purview answer | Why |
|---|---|---|
| Identify sensitive information | Data classification | The goal is awareness |
| View content or activity | Content explorer or Activity explorer | The goal is visibility |
| Mark content as confidential | Sensitivity labels | The goal is classification or protection |
| Prevent risky sharing | Data loss prevention | The goal is prevention |
| Keep records over time | Retention or records management | The goal is lifecycle governance |
DLP questions may be tempting to answer with security products because the word prevent sounds like a security task. Microsoft Defender products protect endpoints, workloads, apps, identities, and threat intelligence areas. Azure network controls protect network traffic and access paths. Microsoft Purview DLP is different because it is a compliance and data governance control focused on sensitive information handling.
The exam also may place DLP next to sensitivity labels. In practice, labels and DLP can be part of a broader information protection strategy. For SC-900, choose based on the immediate requirement. If the prompt says assign a sensitivity classification, choose labels. If it says prevent sensitive information from leaving or being shared inappropriately, choose DLP. If it says keep content as records, choose retention or records management.
A simple DLP decision checklist:
- The data is sensitive or business critical.
- The organization is worried about exposure, leakage, or inappropriate sharing.
- The desired action is prevention, restriction, warning, or reducing risky movement.
- The answer choices include data loss prevention.
- The scenario is not primarily about investigation, long-term retention, or Microsoft trust documentation.
DLP is a good example of why Purview is more than reporting. Some Purview tools help you understand data. Other Purview tools help you govern it. DLP is on the governing side because it is connected to policy-driven prevention.
In practice questions, DLP is usually the answer only after the scenario makes prevention explicit. If the organization is still trying to find or understand data, classification and explorer capabilities are better matches.
A company wants to help prevent sensitive information from being shared inappropriately. Which Microsoft Purview capability best fits?
Which wording is the strongest clue for DLP?
Why should DLP not be selected for a question about viewing classified content only?