StuartK73
Iron Contributor
Nov 14, 2018

BYOD / Corp Conditional Access Question

Hi All

 

Tricky scenario here and I will try my best to explain.

 

Conditional Access Policy for BYOD / Personal devices = Require approved app

Conditional Access Policy for Corp devices = Require approved app AND Require compliance

 

If both are assigned to the same group:

  • Which one takes effect?
  • How to separately assign to Corp and BYOD Conditional Access Policies (dynamic groups? / Excludes etc)

Ideally we would like a separate CA policy for BYOD and Corp where users are in the same group and may have a Corp AND Personal device.

 

Any help or hints would be great.

 

Stuart

  • The thing is that at the moment CA supports only user-based groups, so you won't be able to target separate policies based on device type.

    I was told that it's something in plan, but no ETA.

    • enspireditaa_01
      Copper Contributor

      I have the same need to allow the same user to have both corp & BYOD devices with separate policies for each. I am looking for this in 365 Business.

       

       

  • apadmakumar
    Copper Contributor

    You should be able to do this by using Dynamic Device Groups and using a rule like (device.deviceOwnership -eq "Company") for your Corporate devices. In general, the more restrictive policy will take precedence.

  • JS
    Copper Contributor

    StuartK73 Same need here. Hope there is a solution provided for this at some point.
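
Added example, not part of the thread and not Microsoft's evaluation engine: a simplified model of the scenario in the question, where both policies are assigned to the same user group. Every policy whose assignment matches the user applies to the sign-in and the required grant controls combine, which is the "more restrictive" outcome mentioned above. The group name, policy names and control labels are constructed for the illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Policy:
    name: str
    groups: frozenset      # user groups the policy is assigned to
    required: frozenset    # grant controls that must all be met


@dataclass(frozen=True)
class SignIn:
    user_groups: frozenset
    ownership: str         # "Company" or "Personal" (informational only here)
    approved_app: bool
    compliant: bool

    def satisfied(self):
        """Controls this sign-in can actually meet."""
        met = set()
        if self.approved_app:
            met.add("approvedApp")
        if self.compliant:
            met.add("compliantDevice")
        return met


def evaluate(policies, signin):
    """Return (granted, names of applied policies, missing controls)."""
    # Assignment is by user group only, so device ownership plays no part.
    applied = [p for p in policies if p.groups & signin.user_groups]
    # All applied policies must be satisfied: union of their controls.
    required = set().union(*(p.required for p in applied))
    missing = required - signin.satisfied()
    return (not missing, [p.name for p in applied], sorted(missing))


# Constructed scenario: one group, one user with two devices.
STAFF = frozenset({"Staff"})
POLICIES = [
    Policy("BYOD", STAFF, frozenset({"approvedApp"})),
    Policy("Corp", STAFF, frozenset({"approvedApp", "compliantDevice"})),
]
CORP_DEVICE = SignIn(STAFF, "Company", approved_app=True, compliant=True)
PERSONAL_DEVICE = SignIn(STAFF, "Personal", approved_app=True, compliant=False)

if __name__ == "__main__":
    for s in (CORP_DEVICE, PERSONAL_DEVICE):
        print(s.ownership, evaluate(POLICIES, s))
```

In this model the personal device is refused because the Corp policy also applies to the user, so the BYOD policy never stands on its own.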
