You have a Microsoft 365 E5 subscription that has Microsoft Defender for Endpoint integrated with Microsoft Intune.
Devices are enrolled to Microsoft Intune and onboarded by using Microsoft Defender for Endpoint.
You plan to block devices based on the results of the machine risk score calculated by Microsoft Defender for Endpoint.
What should you create first?
To block devices based on the machine risk score calculated by Microsoft Defender for Endpoint, the first step is to create a device compliance policy. This policy can be used to define the conditions under which a device is considered compliant or non-compliant based on its risk score. This allows you to enforce compliance checks and take action on non-compliant devices, such as blocking access to resources.
C: Correct Configure a Device compliance policy that takes into consideration the Defender for endpoint to define if device is compliant or not compliant https://learn.microsoft.com/en-us/mem/intune/protect/compliance-policy-create-windows#microsoft-defender-for-endpoint-rules
C: Correct Step3: https://learn.microsoft.com/en-us/defender-endpoint/configure-conditional-access