Your organization has a Microsoft 365 tenant with a default domain of gitbit.org
Your organization's Azure AD contains the following users.
Your organization's Microsoft Endpoint Manager admin center shows the following devices enrolled.
Both devices have three apps named AppA, AppB, and AppC installed.
You create an app protection policy named ProtectionPolicyA that has the following settings:
- Protected apps: AppA
- Exempt apps: AppB
- Windows Information Protection mode: Block
You apply ProtectionPolicyA to GroupA and GroupC. You exclude GroupB from ProtectionPolicyA.
Check the box next to each true statement
Since User2 is a member of Group2 and Group2 is excluded from the policy User2 can copy data from AppA to AppC.
Since AppB is exempt from the policy User1 can copy data from AppA to AppB.
Since User1 is a member of Group1 and Group1 is included in the app protection policy and User1 is not a member of Group2. And since AppA is protected by the app protection policy and AppC is not exempt User1 cannot copy data from AppA to AppC.