Your company has an Office 365 tenant for communications and collaboration. The company has also an Azure subscription with an Azure Active Directory (Azure AD) Premium tenant. The company also has an on-premises Active Directory Domain Services (AD DS) domain.
The security policies of your company allow access to cloud applications from employee-owned devices. The security policies require that access to any Office 365 application from a mobile device be limited to users who have enrolled and registered their devices in the corporate Azure AD tenant. The policy applies only to iOS or Android devices.
You need create a conditional access policy to implement the security policy for Microsoft Office 365 Exchange Online to meet the requirements.
Which four conditions should you configure? Each correct answer presents part of the solution.
You should configure the following conditions:
* Users and groups
* Cloud apps
* Device platform
* Client apps
The Users and groups condition must always be present when you configure a conditional access policy. With this condition you control the user or group of users that the policy will affect.
You need to configure the Cloud apps condition to affect only Microsoft Office 365 Exchange Online. You could also add other Microsoft Office 365 web app applications or third-party applications that are connected to Azure AD or use the Azure AD Application Proxy.
You need to apply the Device platform condition so the policy affects only Android and iOS devices. You can use this condition to control the device platform that will be affected by the policy. Other device platforms are Windows Phone, Windows, or macOS.
You should use the Client apps condition to control which client application can access to the application. For this specific case, you should select mobile apps and desktop clients.
You should not use a Sign-in risk condition. This condition evaluates the likelihood that the sign-in attempt is being performed by a non-legitimate user. The calculation of this likelihood value is performed during the sign-in process.
You should not use a Device state condition. This condition is used to control access based on whether the device has been marked as compliant or whether it is a device joined to hybrid Azure AD.
You should not use a Location condition. You use this condition when you want to restrict access to your cloud apps from specific regions or countries.
You should not use Require device to be marked as compliant. This is a grant option, not a condition. This option will allow access to the cloud app only to managed devices.
You should not use Require approved client app. This is a grant option, not a condition. This option grants access only to those applications that have been approved by Microsoft.