Microsoft Security, Compliance, and Identity Fundamentals — Question 45

Which Azure Active Directory (Azure AD) feature can you use to restrict Microsoft Intune-managed devices from accessing corporate resources?

Answer options

• A. network security groups (NSGs)
• B. Azure AD Privileged Identity Management (PIM)
• C. conditional access policies
• D. resource locks

Correct answer: C

Explanation

The correct answer is C, conditional access policies, as they enable organizations to enforce access controls based on specific conditions like device compliance. Options A, B, and D do not provide the capability to manage access based on device compliance or Intune management, making them unsuitable for this purpose.