Forum Discussion
AhmedSHMK
Jan 15, 2025 Brass Contributor
CA policy for corporate devices
I would like to create a conditional access policy to block all non-corporate devices from accessing Office 365 resources. I created a policy: Applies to -> User Group Applies to -> all resources ...
Chandrasekhar_Arya
Feb 19, 2025 Iron Contributor
I guess the issue here is that when accessing Office 365 via a browser, the Conditional Access (CA) policy might not always detect the device’s ownership and trust type reliably, especially for session-based authentication.
If your goal is to allow browser access for corporate devices while blocking personal ones, use Session Controls:
Sign-in frequency: Set a persistent browser session for managed devices.
Use Conditional Access App Control (MCAS): This helps distinguish corporate vs. personal browser sessions.
If browser-based Office 365 access is still blocked, consider excluding certain apps (like Exchange Online or SharePoint) from the strict device policy.