You have a Microsoft 365 E5 subscription.
All devices are enrolled in Microsoft Intune.
You create a Conditional Access policy named Policy1 that requires multifactor authentication (MFA).
You need to ensure that Policy1 only applies to devices marked as noncompliant.
Which settings of Policy1 should you configure?
To ensure that a Conditional Access policy applies only to devices marked as noncompliant, you need to configure the 'Filter for devices' settings under 'Conditions'. This allows you to specify criteria about the device state, such as whether the device is compliant or not. Other settings like 'Grant' are used to enforce how access is granted or blocked, but they do not filter devices based on compliance status.
Conditional Access -> Conditions -> Filter for devices -> Property: IsCompliant
Grant is where you do require MFA
the question isn't about where to configure MFA(which would be Grant). It's about device Assignment. ie, devices marked with a specific state.
Correct.
D is correct
Not D, it should be B. Grant is to control access enforcement to block or grant access. Devices --> Conditional access --> Policies --> New policy --> Conditions --> Filter for devices.