Microsoft Cybersecurity Architect — Question 79

You have an Azure subscription and a Microsoft 365 subscription. All users are assigned Microsoft 365 E5 licenses. All computers run Windows 11 and are Microsoft Entra joined.

You need to recommend a solution to prevent computers that run early builds of Windows 11 from connecting to Microsoft 365 services.

Which two types of policies should you include in the recommendation? Each correct answer presents part of the solution.

NOTE: Each correct selection is worth one point.

Answer options

• A. Microsoft Defender for Endpoint endpoint security policy
• B. Microsoft Defender for Cloud regulatory compliance policy
• C. Microsoft Intune compliance policy
• D. Microsoft Entra ID Protection sign-in risk policy
• E. Microsoft Entra Conditional Access policy

Correct answer: C, E

Explanation

The correct answers, C and E, are appropriate as the Microsoft Intune compliance policy ensures that only compliant devices can access Microsoft 365 services, while the Microsoft Entra Conditional Access policy can enforce restrictions based on the device's compliance state. Options A, B, and D do not specifically address the requirement to manage device compliance concerning early builds of Windows 11.