GitBit
First lessonBlog
Sign Up

Question 4 of 7

Previous QuestionNext Question

Your organization has a Microsoft 365 tenant that's syncing the users and groups from an on-premises AD using AD Connect.

Your company has recently hired a new team of people to manage the sensitivity labels.

Your manager has asked you to configure a new group that will be used for publishing sensitivity labels to pilot users. The group must contain only user accounts (excluding guest accounts). The membership of the group should be automatically updated.

Optional answers

on-premises Active Directory Users and Computers

Microsoft Entra admin center

Microsoft 365 admin center

A security group

A dynamic membership rule set to accountEnabled Equals true

A Microsoft 365 group

A dynamic membership rule set to userType Equals Member

Correct answers

Membership criteria

correct answer here

Where should you create the group?

correct answer here

What type of group should you create?

correct answer here

You can use any group type that has an email address. That includes a mail-enabled security group, a distribution group, or a Microsoft 365 group. You cannot use a security group because it doesn't have an email address.

You can set up a rule for dynamic membership on security groups or Microsoft 365 groups. The criteria should be set to userType -eq "Member"

You must create dynamic groups in Azure AD. Microsoft 365 doesn't have dynamic membership. On-premises dynamic groups don't sync to Microsoft 365.

https://www.gitbit.org/course/ms-500/learn/How-to-classify-data-using-labels-in-Microsoft-365-vLweLmxZf

https://docs.microsoft.com/en-us/azure/information-protection/prepare

Previous QuestionNext Question
Did you like the site?