Q: Restricting access to Business Web Application/Non-Enterprise Application

Hi Buckets84!

To restrict access to the web application from personal profiles on BYOD devices, you can configure a policy in Intune that blocks access to that specific URL in personal browsers. This can be done by setting up an application or URL block on devices that are enrolled in Intune, ensuring that only corporate profiles or managed devices can access the site.

If you need more details on how to block access to a specific URL on personal browsers of BYOD devices i'll leave you the steps:

Go to the Microsoft Endpoint Manager admin center and create a device configuration profile for the platform you're using. In the profile settings, look for options like "Web filtering" or "Block access to specific URLs" and add the URL of the business application you want to restrict. Assign this profile to the devices you want to manage, ensuring it applies to BYOD devices. After applying the policy, test access to the URL from a personal device to ensure it’s blocked while still available on managed devices.

Another option is to consider using a mobile application management (MAM) policy to limit data access and prevent data leakage. This will ensure sensitive information remains protected even if the device is personal.

Let me know how it goes. 

Regards