
Explanation:
Box 1: Document fingerprinting
Identifies Office documents that contain customer addresses and phone numbers sourced from DB1 Document fingerprinting is a Microsoft Purview feature that takes a standard form that you provide and creates a sensitive information type (SIT) based on that form. Document fingerprinting makes it easier for you to protect sensitive information by identifying standard forms that are used throughout your organization.
Document fingerprinting includes the following benefits:
SITs created from document fingerprinting can be used as a detection method in DLP policies scoped to Exchange, SharePoint, OneDrive, Teams, and Devices.
Etc.
Box 2: Microsoft Purview insider risk management
Generates an alert if a user downloads an above average number of files that contain data from DB1 Microsoft Purview, Configure intelligent detections in insider risk management Use can use the Intelligent detections setting in Microsoft Purview Insider Risk Management to:
* Boost the score for unusual file download activities by entering a minimum number of daily events.
* Etc.
File activity detection
You can use this section to specify the number of daily events required to boost the risk score for download activity that's considered unusual for a user. For example, if you enter "25", if a user downloads 10 files on average over the previous 30 days, but a policy detects that they downloaded 20 files on one day, the score for that activity won't be boosted even though it's unusual for that user because the number of files they downloaded that day was less than 25.
Reference:
https://learn.microsoft.com/en-us/purview/sit-document-fingerprinting
https://learn.microsoft.com/en-us/purview/insider-risk-management-settings-intelligent-detections