@Dale Peterson Thanks for posting in our Q&A. Here are some of my understandings.
For app protection policy, it is not only protect company data on a BYO devices, but also on corporate devices. It defines that the datas in the protected app are all company data. An app protection policy can be a rule that is enforced when the user attempts to access or move "corporate" data, or a set of actions that are prohibited or monitored when the user is inside the app.
https://learn.microsoft.com/en-us/mem/intune/apps/app-protection-policy
For compliance policies, it defines the rules and settings of the devices. Device compliance policies are not directly related to whether can access to company data. The scenario involved is that if you use compliance policy combined with conditional access policy, it will block access to company resources on non-compliant devices.
https://learn.microsoft.com/en-us/mem/intune/protect/device-compliance-get-started
Hope it will clear something.
If the answer is the right solution, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.