With Windows 10, Microsoft introduced an advanced protection system integrated with Windows Defender, called Windows Defender Advanced Threat Protection (WDATP) (see https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-atp/windows-defender-advanced-threat-protection to learn more).
Now, with Intune you can also use Windows Defender ATP status to allow/deny access to resources.
To use Windows Defender ATP in your conditional access, go to your Azure ARM portal (https://portal.azure.com) and open the Intune\Device Compliance configuration blade.
Open the policies blade and create a new compliance requirement as follows:
The device threat levels range from Secured (highest security level) to Low.
Any Windows 10 device with WDATP whose threat level is higher than the one defined here will be denied access to the resources.
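The same compliance requirement can also be created by script. This is an added example, not part of the original post. It assumes the Microsoft Graph PowerShell SDK (`Microsoft.Graph.Authentication` module) and the Graph beta endpoint for Windows 10 compliance policies. The policy name and the `low` threshold are constructed for illustration.

```powershell
# Added example: create a Windows 10 compliance policy that requires a
# maximum WDATP device threat level. Assumes the Graph beta endpoint.
Connect-MgGraph -Scopes "DeviceManagementConfiguration.ReadWrite.All"

$uri = "https://graph.microsoft.com/beta/deviceManagement/deviceCompliancePolicies"

$policy = @{
    "@odata.type" = "#microsoft.graph.windows10CompliancePolicy"
    displayName   = "Win10 - WDATP threat level (example)"   # constructed name
    description   = "Devices above the required threat level are non-compliant"

    # The two settings that correspond to the portal's WDATP requirement
    deviceThreatProtectionEnabled               = $true
    deviceThreatProtectionRequiredSecurityLevel = "low"      # or "secured"

    # Graph requires an action for non-compliance when creating a policy;
    # here the device is marked non-compliant immediately (no grace period).
    scheduledActionsForRule = @(
        @{
            ruleName = "PasswordRequired"
            scheduledActionConfigurations = @(
                @{ actionType = "block"; gracePeriodHours = 0 }
            )
        }
    )
}

$created = Invoke-MgGraphRequest -Method POST -Uri $uri `
    -Body ($policy | ConvertTo-Json -Depth 6) `
    -ContentType "application/json"

# Read the policy back and confirm the threat-level settings were stored
$check = Invoke-MgGraphRequest -Method GET -Uri "$uri/$($created.id)"
if (-not $check.deviceThreatProtectionEnabled) {
    Write-Warning "Threat protection requirement was not applied to policy $($created.id)"
} else {
    "Policy {0} requires threat level <= {1}" -f `
        $check.displayName, $check.deviceThreatProtectionRequiredSecurityLevel
}
```

The policy only affects access once it is assigned to a group and a conditional access policy requires compliant devices.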