HOTSPOT You have a Microsoft 365 tenant that contains devices enrolled in Microsoft Intune. The devices are configured as shown in the following table. 
You plan to perform the following device management tasks in Microsoft Endpoint Manager: Deploy a VPN connection by using a VPN device configuration profile. Configure security settings by using an Endpoint Protection device configuration profile. You support the management tasks. What should you identify? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point. 
VPN config profile: Device1, Device2, Device3
Endpoint Protection profile: Device1 only
Had something like this in a mock. VPN profiles work across Windows, iOS, Android but Endpoint Protection is just for Windows here. Pretty sure that's right but let me know if you think differently.
Table makes it super clear. VPN config can go to Device1, Device2, and Device3 since Intune supports all those OS types for VPN profiles. Endpoint Protection profile goes to Device1 only, as that's Windows 10. Great illustrative question.
Yep, that's what I've seen in Microsoft docs and practice tests: VPN profile can go to Device1, Device2, and Device3, but Endpoint Protection profile is for Device1 only since it's Windows. If you used custom profiles or different policy types there'd be more flexibility I think. Anyone disagree?
Endpoint Protection: Device1 only
VPN config profile: Device1, Device2, Device3. Endpoint Protection: just Device1. I don't think the Endpoint Protection profile works on Android or iOS, that's a common trap answer here from similar practice sets.
