Microsoft Endpoint Administrator — Question 201

You have a Microsoft 365 E5 subscription.

All devices are enrolled in Microsoft Intune.

You create a Conditional Access policy named Policy1 that requires multifactor authentication (MFA).

You need to ensure that Policy1 only applies to devices marked as noncompliant.

Which settings of Policy1 should you configure?

Answer options

• A. Device platforms under Conditions
• B. Filter for devices under Conditions
• C. Target resources
• D. Grant
• E. Session

Correct answer: B

Explanation

The correct option is B because filtering for devices under Conditions allows you to specify that the policy only targets noncompliant devices. The other options either deal with different aspects of the policy or do not provide the necessary filtering mechanism to limit the policy's application to noncompliant devices.