Microsoft 365 Administrator — Question 139

You have a Microsoft 365 E5 subscription that has Microsoft Defender for Endpoint integrated with Microsoft Intune.

Devices are enrolled to Microsoft Intune and onboarded by using Microsoft Defender for Endpoint.

You plan to block devices based on the results of the machine risk score calculated by Microsoft Defender for Endpoint.

What should you create first?

Answer options

• A. a device configuration policy
• B. an endpoint detection and response policy
• C. a device compliance policy

Correct answer: C

Explanation

Creating a device compliance policy is essential as it allows you to set the rules for compliance based on the machine risk score. The other options, while important, do not specifically address the requirement to block devices based on their risk scores.