You have a data loss prevention (DLP) policy that applies to the Devices location. The policy protects documents that contain United States passport numbers. Users report that they cannot upload documents to a travel management website because of the policy. You need to ensure that the users can upload the documents to the travel management website. The solution must prevent the protected content from being uploaded to other locations. Which Microsoft 365 Endpoint data loss prevention (Endpoint DLP) setting should you configure? 

Answer options:

A. Unallowed browsers
B. File path exclusions
C. Unallowed apps
D. Service domains

D

You can control whether sensitive files protected by your policies can be uploaded to specific service domains from Microsoft Edge. ✑ If the list mode is set to Block, then user will not be able to upload sensitive items to those domains. When an upload action is blocked because an item matches a DLP policy, DLP will either generate a warning or block the upload of the sensitive item. ✑ If the list mode is set to Allow, then users will be able to upload sensitive items only to those domains, and upload access to all other domains is not allowed. Reference: https://docs.microsoft.com/en-us/microsoft-365/compliance/endpoint-dlp-using?view=o365-worldwide