You are a security architect for a retail company that uses Microsoft 365 and Azure. The company has a large number of remote employees who use both company-managed and personal devices. You need to design a solution to ensure that only compliant devices can access corporate email (Exchange Online) and files (SharePoint Online). The company has Microsoft Intune and Microsoft Entra ID P1 licenses. You need to implement device-based conditional access. What should you do?
Combines device compliance with conditional access.
Why this answer
Option B is correct because Intune compliance policies define device health requirements, and Conditional Access policies enforce access based on compliance.
Option A is wrong because app protection policies are for mobile application management (MAM) without device enrollment, but the requirement is device-based.
Option C is wrong because device enrollment itself does not enforce compliance.
Option D is wrong because Configuration Manager is for on-premises management, not cloud devices.