You plan to allow users to run internal applications from outside the company’s network. You have a
Windows Server 2012 R2 that has the Active Directory Federation Services (AD FS) role installed. You
must secure on-premises resources by using multi-factor authentication (MFA). You need to design a
solution to enforce different access levels for users with personal Windows 8.1 or iOS 8 devices.
Solution: You install a local instance of MFA Server and connect it to your Microsoft Azure MFA provider.
Then, you use the Workplace Join process to configure access for personal devices to the on-premises
resources.
Does this meet the goal?
A.
Yes
B.
No
Explanation:
Setting up on-premises conditional access using Azure Active Directory Device Registration
https://azure.microsoft.com/en-gb/documentation/articles/active-directory-conditional-access-onpremises-setup/
I think this is No. You need InTune to enforce different access levels