Your organization uses Microsoft Intune to manage devices. You need to ensure that only devices with a minimum OS version can access corporate email via Microsoft Outlook for iOS. Which policy type should you configure?
App protection policies can require a minimum OS version for managed apps.
Why this answer
Option D is correct because App Protection Policies (MAM) allow you to target specific apps like Microsoft Outlook for iOS with conditional launch settings, including minimum OS version requirements. This policy applies at the app layer without requiring device enrollment, making it ideal for controlling access to corporate data in Outlook on iOS devices based on OS version.
Exam trap
The trap here is that candidates often confuse Device Compliance Policies (Option C) with app-level OS version controls, not realizing that MAM policies can enforce OS version requirements directly on the app without device enrollment.
How to eliminate wrong answers
Option A is wrong because Device Configuration Policies manage device settings (e.g., Wi-Fi, VPN, restrictions) but do not enforce OS version requirements for app-level access. Option B is wrong because Conditional Access policies control access at the authentication layer (e.g., requiring compliant devices) but cannot enforce a minimum OS version specifically for the Outlook app on iOS without device compliance integration. Option C is wrong because Device Compliance Policies evaluate device-level compliance (e.g., OS version, jailbreak status) but require device enrollment and are not app-specific; they would block all access from non-compliant devices, not just Outlook.