🔥 3-day streak
Microsoft Identity and Access Administrator27 / 126
Question 27 of 126

Contoso wants to ensure that administrators can only perform actions in the Microsoft Entra admin center from corporate-owned devices marked as compliant. Some administrators also carry personal laptops that are Entra registered but not compliant. You must build a single Conditional Access policy that blocks access to admin portals unless the sign-in comes from a compliant device, and this restriction should apply only when users are actively using a privileged directory role. Which combination of policy assignments and conditions should you configure?

Reviewed for accuracy · Report an issueNext question