Forum Discussion
Conditional Access not working with specified parameters
We are trying to restrict access to O365 and any use of the O365 apps in a personal macOS device even if it's enrolled with Intune. This means that only macOS devices with Corporate ownership are all...
The operatingSystem value isn't right, it must be a valid operating system there (device.operatingSystem -eq "valid operating system").
When using the above Block exclude company devices. If using a Grant exclude the personal devices.
You can also work with filters in EndPoint Manager/Intune under Tenant administration - Filters and using those in a compliance policy which in turn CA can check when configured.