Do we have the same "Filters" capabilities on Conditional Access Policies? Meaning, can we filter it by Device Ownership?
Here is our "use case" and our current constraint.
- Enforce Outlook as the only app authorized to access Exchange Online (for both corporate and BYOD devices): Require Approved App
- Require a Corporate Device to be compliant (but not BYOD devices as we use MAM WE)
On the Conditional Access Policy for the corporate devices, both conditions must be satisfied.
On the Conditional Access Policy for BYOD devices, only the Required Approved App must be satisfied.
As conditional access policies are applied to a user or user group, a user cannot both have a corporate enrolled device and a BYOD registered device (MAM W/E). As both policies are applied to the same user, the more restrictive conditional access policy (corporate devices) gets applied not only on the corporate device but on the BYOD device that is not enrolled (MAM WE).
One of the filter parameters shown above is "deviceOwnership". Can we use that to prevent the corporate device conditional access policy from applying to the non-corporate devices (BYOD)?