AZ-900: Which Azure Service Ensures Only Compliant Devices Can Access Azure Resources?

Which Azure service enforces access to resources based on device compliance with security policies? Learn how Azure AD Conditional Access integrates with device compliance to secure organizational data.

Question

A company needs to ensure that only devices compliant with security policies can access Azure resources. Which service should they configure?

A. Azure Security Center
B. Azure Policy
C. Azure AD Conditional Access
D. Microsoft Defender for Cloud
E. Azure Bastion

Answer

C. Azure AD Conditional Access

Explanation

Azure AD Conditional Access allows organizations to enforce policies based on device compliance, location, and risk level before granting access.

The service that should be configured to ensure only devices compliant with security policies can access Azure resources is Azure AD Conditional Access.

  • Policy-Based Access Control: Azure AD Conditional Access enables organizations to create policies that evaluate device compliance status before granting access to Azure resources. These policies can require that only devices marked as compliant—typically via Microsoft Intune or approved third-party solutions—are allowed to connect.
  • Integration with Device Compliance: Device compliance is established through Microsoft Intune or other supported management tools. Devices must meet specific security configurations (such as encryption, password requirements, and OS version) to be marked as compliant.
  • Conditional Access Enforcement: When a user attempts to access a protected resource, Conditional Access checks the device’s compliance status. If the device is not compliant, access is denied, and the user is prompted to remediate compliance issues.
  • Granular Controls: Policies can be tailored to users, groups, applications, device platforms, locations, and risk levels, providing flexible enforcement of security requirements.
  • Hybrid and BYOD Support: Azure AD Conditional Access works with both organization-owned and bring-your-own devices, supporting hybrid environments and third-party device compliance integrations.
  • Security Enhancement: This approach ensures that only trusted, policy-compliant devices can access sensitive data, reducing the risk of breaches from unmanaged or insecure endpoints.

Azure AD Conditional Access enforces access controls based on device compliance, ensuring only devices that meet organizational security policies can access Azure resources, supporting robust, policy-driven security for cloud environments.
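As an added example (not part of the original question or of Microsoft's own material), the policy described above can be expressed through the Microsoft Graph PowerShell SDK as a Conditional Access policy whose grant control is `compliantDevice`. The display name and the emergency-access account ID are placeholders, and the policy is created in report-only mode on the assumption that its effect is reviewed in sign-in logs before enforcement.

```powershell
# Added example. Requires the Microsoft.Graph.Identity.SignIns module and an
# account allowed to manage Conditional Access policies.
Connect-MgGraph -Scopes 'Policy.ReadWrite.ConditionalAccess', 'Policy.Read.All'

# Placeholder: object ID of an emergency-access ("break-glass") account that is
# excluded so a misconfigured policy cannot lock every administrator out.
$breakGlassId = '00000000-0000-0000-0000-000000000000'

$policy = @{
    displayName = 'Example: require compliant device for Azure management'
    # Report-only: the policy is evaluated and logged but does not block sign-ins.
    # Change to 'enabled' once the sign-in logs show the expected results.
    state       = 'enabledForReportingButNotEnforced'
    conditions  = @{
        users          = @{
            includeUsers = @('All')
            excludeUsers = @($breakGlassId)
        }
        applications   = @{
            # App ID of the Windows Azure Service Management API, which covers
            # the Azure portal, Azure CLI and Azure PowerShell.
            includeApplications = @('797f4846-ba00-4fd7-ba43-dac1f8f63013')
        }
        clientAppTypes = @('all')
    }
    grantControls = @{
        operator        = 'OR'
        # Access is granted only when the device is marked compliant,
        # for example by Microsoft Intune.
        builtInControls = @('compliantDevice')
    }
}

$created = New-MgIdentityConditionalAccessPolicy -BodyParameter $policy

# Read the policy back and confirm the grant control and state that were stored.
$check = Get-MgIdentityConditionalAccessPolicy -ConditionalAccessPolicyId $created.Id
[pscustomobject]@{
    Id                = $check.Id
    State             = $check.State
    RequiresCompliant = $check.GrantControls.BuiltInControls -contains 'compliantDevice'
}
```

Users on unmanaged devices are only blocked after `state` is switched to `enabled`; until then the policy result appears on the report-only tab of each sign-in log entry.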