Microsoft 365 Certified Endpoint Administrator (MD-102) Practice Test

To ensure devices meet compliance before granting access, which Azure AD feature can assist?

• A. Azure AD Identity Protection
• B. Azure AD Privileged Identity Management
• C. Azure AD Conditional Access
• D. Azure AD Connect Health

The correct answer is: Azure AD Conditional Access

The Azure AD Conditional Access feature is designed to help organizations implement policies that evaluate the compliance of devices before granting access to resources. It enables the creation of conditions that must be met for users to access applications and services, such as checking if a device is compliant with defined policies. This can include ensuring that a device is properly enrolled in mobile device management (MDM), running the latest security updates, or using an approved operating system version. By utilizing Conditional Access, an organization can enforce access control based on the compliance status of a device, ensuring that only devices that adhere to specific security standards are allowed to access sensitive data and applications. This is particularly essential in maintaining the security posture of an organization by limiting access based on risk assessments connected with device compliance. The other options serve different purposes: Identity Protection focuses on safeguarding identities through risk-based conditional access based on detected vulnerabilities. Privileged Identity Management is related to managing and controlling administrator permissions. Connect Health is primarily about monitoring the health of on-premises infrastructure related to Azure AD. Each of these features provides valuable capabilities, but for the specific requirement of ensuring device compliance before access is granted, Conditional Access is the appropriate choice.