Question 14 - Microsoft SC-401 Real Exam Questions [Jan 2026 Update]

Q: 14

You have a Microsoft 365 E5 subscription that contains a Microsoft Teams channel named Channel1. Channel1 contains research and development documents. You plan to implement Microsoft 365 Copilot for the subscription. You need to prevent the contents of files stored in Channel1 from being included in answers generated by Copilot and shown to unauthorized users. What should you use?

Options

Correct Answer:

Explanation

Microsoft 365 Copilot operates within the user's security context and respects all existing access controls and permissions. Sensitivity labels are the primary mechanism in Microsoft Purview for classifying data and applying protection policies, including encryption and access rights. By applying a restrictive sensitivity label to the documents in Channel1, you ensure that only authorized users can decrypt and view the content. Consequently, Copilot will not be able to access this content and include it in responses for any user who lacks the necessary permissions defined by the label, directly fulfilling the requirement.

Why Incorrect

A. data loss prevention (DLP): DLP policies are designed to prevent data exfiltration or improper sharing (e.g., blocking emails with sensitive data), not to control an internal service's access to content for authorized users.

B. Microsoft Purview insider risk management: This tool focuses on detecting and managing risky user behaviors and activities, not on applying persistent access controls directly to data items.

C. Microsoft Purview Information Barriers: These are used to restrict communication and collaboration between specific groups of users, not to control access to file content based on its sensitivity.

References

1. Microsoft Learn. "Data

Privacy

and Security for Microsoft 365 Copilot." This document explicitly states

"The protections you’ve configured with sensitivity labels... are respected by Copilot for Microsoft 365. For example

if you’ve applied a sensitivity label to a document that encrypts it

a user who doesn’t have permissions to decrypt that document can’t use Copilot for Microsoft 365 to summarize it."

URL: https://learn.microsoft.com/en-us/microsoft-365-copilot/microsoft-365-copilot-privacy

2. Microsoft Learn. "Get your organization ready for Microsoft 365 Copilot." This guide recommends implementing data protection controls

specifically mentioning sensitivity labels

as a key step to prepare for Copilot. It advises

"Use sensitivity labels to apply protection policies like encryption to your most sensitive content."

URL: https://learn.microsoft.com/en-us/microsoft-365-copilot/get-ready-for-microsoft-365-copilot

3. Microsoft Learn. "Learn about sensitivity labels." This document details how sensitivity labels work to classify and protect data by applying markings and encryption

which forms the basis of the access control that Copilot respects.

URL: https://learn.microsoft.com/en-us/purview/sensitivity-labels

📖 About this Domain

🎓 What You Will Learn

🛠️ Skills You Will Build

💡 Top Tips to Prepare

📖 About this Domain

🎓 What You Will Learn

🛠️ Skills You Will Build

💡 Top Tips to Prepare

📖 About this Domain

🎓 What You Will Learn

🛠️ Skills You Will Build

💡 Top Tips to Prepare

Premium Access Includes

FLASH OFFER

avail 10% DISCOUNT on YOUR PURCHASE