Your organization uses Microsoft Intune to manage devices. You need to configure a policy that automatically retires a device if it does not check in for 30 days. Which policy type should you configure?
Compliance policies can include a grace period and action for non-compliance, including retiring devices after a specified period of inactivity.
Why this answer
A compliance policy in Microsoft Intune can include a 'Maximum days since device last checked in' setting. When a device fails to check in for the specified period (e.g., 30 days), Intune marks it as noncompliant, and a conditional access policy or automated action (such as retiring the device) can be triggered. This directly meets the requirement to automatically retire a device after 30 days of inactivity.
Exam trap
The trap here is that candidates often confuse a device configuration policy (which controls settings) with a compliance policy (which enforces conditions and triggers actions like retirement), leading them to select Option A instead of B.
How to eliminate wrong answers
Option A is wrong because a device configuration policy manages settings like passwords, encryption, and restrictions, but it does not include a check-in timeout or retirement trigger. Option C is wrong because a Windows Update for Business policy controls update deferrals and delivery optimization, not device check-in monitoring or retirement. Option D is wrong because a device health attestation policy verifies boot integrity and security features (e.g., Secure Boot, BitLocker) via the TPM, but it does not enforce a check-in interval or automatic retirement.