Your company uses Microsoft Defender for Endpoint and Microsoft Intune. You have a group of remote users who connect to the corporate network via VPN. Recently, several of these devices were compromised due to unpatched vulnerabilities. You need to ensure that devices that are missing critical security updates are automatically blocked from accessing corporate resources. The solution must integrate with Microsoft Defender for Endpoint's threat and vulnerability management (TVM) data. What should you configure?
Conditional access can block access based on device compliance, which can be determined by Defender for Endpoint's risk assessment.
Why this answer
Option A is correct because conditional access with device compliance policies can use Defender for Endpoint's risk level to block non-compliant devices.
Option B is wrong because Intune compliance policies can mark devices as non-compliant, but the question requires using TVM data; conditional access can use the risk level from Defender for Endpoint.
Option C is wrong because VPN configuration does not integrate with TVM data for automatic blocking.
Option D is wrong because requiring all devices to be fully patched is not automatically enforceable without compliance policies.