Setup conditional access

Requirements

Create a device compliance policy

Open a browser and sign in to your Microsoft Intune.
Click Device compliance > Policies
Click Create Policy
Set Platform to iOS/iPadOS or Android Enterprise depending on your use case.
ClickSettings > Device Health
Set Require the device to be at or under the Device Threat Level to Secured.
This setting will determine the tolerable device threat level as dictated by BETTER MTD's threat evaluation. You may set the value to other thanSecuredat your own discretion.
Click OK > OK > OK> Create. Now assign the policy to the relevant users/groups and you're done.

Create a conditional access policy

Open a browser and sign in to your Microsoft Intune.
Click Conditional access > New Policy
Click Conditions > Sign-in risk
Set Configure to Yes
Set the Sign-in risk to No risk
Click Select > Done
Click Grant
Select Grant access & Require device to be marked as compliant
Click Select
Set Enable policy to On to put the policy into effect upon creation.
Click Create . Now assign the policy to the relevant users/groups and you're done.