A company uses Microsoft Intune to manage iOS devices. They want to enforce a policy that requires a passcode of at least 6 characters and auto-lock after 5 minutes. Which configuration profile type should they use?
Device restrictions contain security settings like passcode and auto-lock.
Why this answer
A Device restrictions profile is the correct configuration profile type because it contains the security settings for iOS devices, including passcode requirements (minimum length, complexity) and device lock timeouts (auto-lock after minutes). This profile type enforces device-level security policies directly managed by Intune, making it the appropriate choice for requiring a 6-character passcode and 5-minute auto-lock.
Exam trap
The trap here is that candidates often confuse Device restrictions profiles with Compliance policies, but Compliance policies evaluate settings after they are applied, whereas Device restrictions profiles actually enforce the settings on the device.
How to eliminate wrong answers
Option B is wrong because a Wi-Fi profile is used to configure wireless network settings (SSID, authentication, certificates) and does not include passcode or auto-lock policies. Option C is wrong because a VPN profile configures virtual private network connections (server address, tunneling protocol, authentication) and has no settings for device passcode or lock timeout. Option D is wrong because an Email profile configures email account settings (server, username, SSL) and does not enforce device-level security policies like passcode length or auto-lock.