Your organization has Windows 11 devices used by remote employees. You need to ensure that only devices compliant with your security policies can access corporate email via Microsoft Outlook for Windows. What should you configure?
Trap 1: Set up a device compliance policy in Microsoft Purview to block…
Microsoft Purview does not handle device compliance for access control; that is Intune's role.
Trap 2: Configure a device filter in Exchange Online to block devices that…
Device filters in Exchange Online do not evaluate Intune compliance status.
Trap 3: Deploy an email security policy via Intune to block access from…
Intune email profiles do not enforce compliance-based access blocking.
- A
Set up a device compliance policy in Microsoft Purview to block non-compliant devices.
Why wrong: Microsoft Purview does not handle device compliance for access control; that is Intune's role.
- B
Create a Conditional Access policy in Microsoft Entra ID that requires device compliance, and assign the policy to the cloud app 'Office 365 Exchange Online'.
This correctly combines Intune compliance with Entra ID Conditional Access to block non-compliant devices.
- C
Configure a device filter in Exchange Online to block devices that are not managed by Intune.
Why wrong: Device filters in Exchange Online do not evaluate Intune compliance status.
- D
Deploy an email security policy via Intune to block access from non-compliant devices.
Why wrong: Intune email profiles do not enforce compliance-based access blocking.