Explanation:
Box 1: No
Policy1 requires encryption, but on June 4 Device1 is configured with No Drive Encryption, so it is not compliant.
Box 2: No
Policy1 requires encryption, but on June 6 Device1 is configured with No Drive Encryption, so it is not compliant.
Box 3: Yes
Both Policy2 and Policy3 applies to Device2. Policy3, which is the most restrictive applies, which result in Mark device as not compliant = 10 days.
Note: If you have deployed multiple compliance policies, Intune uses the most restrictive of these policies.
Reference:
https://docs.microsoft.com/en-us/mem/intune/protect/actions-for-noncompliance
https://docs.microsoft.com/en-us/mem/intune/protect/compliance-policy-monitor#how-intune- resolves-policy-conflicts