Microsoft Endpoint Administrator — Question 329

Your company implements Azure AD, Microsoft 365, Microsoft Intune, and Azure Information Protection.
The company's security policy states the following:

• Personal devices do not need to be enrolled in Intune.
• Users must authenticate by using a PIN before they can access corporate email data.
• Users can use their personal iOS and Android devices to access corporate cloud services.
• Users must be prevented from copying corporate email data to a cloud storage service other than Microsoft OneDrive for Business.

You need to configure a solution to enforce the security policy.

What should you create?

Answer options

• A. a device configuration profile from the Microsoft Intune admin center
• B. a data loss prevention (DLP) policy from the Microsoft Purview compliance portal
• C. an insider risk management policy from the Microsoft Purview compliance portal
• D. an app protection policy from the Microsoft Intune admin center

Correct answer: D

Explanation

The correct answer is D because an app protection policy from Microsoft Intune allows the enforcement of security measures, such as requiring a PIN for access and preventing data from being copied to unauthorized storage. The other options, while relevant to security and compliance, do not specifically address the need to enforce PIN authentication and restrict data sharing as required by the company's policy.