Your organization has a Microsoft 365 tenant with AD Connect syncing your on-premises AD to Microsoft 365. All computers are running Windows 10 and are configured to use Microsoft Intune.
You've been tasked with protecting the VPN. Your manager has asked you to require that every computer connecting to the VPN is marked as compliant.
What do you need to do first?
It's not very common, so it's not included in the documents in this training, but the correct steps are: Create a root certificate in Azure AD > Deploy the conditional access root certificate to on-premises AD > Configure the Conditional Access policy in Azure AD > Create an OMA-DM based VPNv2 Profile for Windows 10 devices.