Microsoft 365 Administrator — Question 103

You have a Microsoft 365 E5 subscription that has Microsoft Defender for Endpoint integrated with Microsoft Intune.

Devices are onboarded by using Microsoft Defender for Endpoint.

You plan to block devices based on the results of the machine risk score calculated by Microsoft Defender for Endpoint.

What should you create first?

Answer options

• A. a device configuration policy
• B. a device compliance policy
• C. a conditional access policy
• D. an endpoint detection and response policy

Correct answer: B

Explanation

The correct answer is B, a device compliance policy, as it establishes the criteria for compliance which can then be used to enforce access restrictions. The other options do not directly create the framework needed to block devices based on risk scores; a device configuration policy focuses on settings, a conditional access policy is dependent on compliance, and an endpoint detection and response policy deals with threat detection rather than compliance status.