Forum Discussion
Conditional Access for Azure AD ONLY joined devices
All my user mobile devices (Windows based) are Azure AD joined (no hybid) The requirement is to allow access to online resources from these devices ONLY & if external to trusted location then do MFA...
Logically that does not convince me. And that is one place where there is no tester available
To me for Block in Grant, in Device filtering this would make more sense:
Include device that "deviceOwnership Not equals Company" & "trustType Not equals Azure AD joined"
I am mean you can use multiple expressions. And negative operators for personal devices (devices not in directory). This isn't Microsoft support you know. You should reach out to them instead and complain... Btw, use What if tool and/or report-only to get an idea what will happen.
- There is no What-if tool in that very section (Filter for devices)
I been through the report-only, but real life just works faster