Basically compliance policies is enough to ensure a device to be compliant when enrolling in Intune. Speak more deeply, If you set Conditional Access Policy, Compliance Policy and Conditional Access Policy are mutually binding with each other. For example, when you use Conditional Access, you can configure your Conditional Access policies to use the results of your device compliance policies to determine which devices can access your organizational resources. This access control is in addition to and separate from the actions for noncompliance that you include in your device compliance policies.
When a device enrolls in Intune it registers in Azure AD. The compliance status for devices is reported to Azure AD. If your Conditional Access policies have Access controls set to Require device to be marked as compliant, Conditional access uses that compliance status to determine whether to grant or block access to email and other organization resources.
If you’ll use device compliance status with Conditional Access policies, review how your tenant has configured Mark devices with no compliance policy assigned as, which you manage under Compliance policy settings.
Reference: https://video2.skills-academy.com/en-us/mem/intune/protect/device-compliance-get-started