Forum Discussion
BYOD / Corp Conditional Access Question
Hi All
Tricky scenario here and I will try my best to explain.
Conditional Access Policy for BYOD / Personal devices = Require approved app
Conditional Access Policy for Corp devices = Require approved app AND Require compliance
If both are assigned to the same group:
- Which one takes effect?
- How to separately assign to Corp and BYOD Conditional Access Policies (dynamic groups? / Excludes etc)
Ideally we would like a separate CA policy for BYOD and Corp where users are in the same group and may have a Corp AND Personal device.
Any help or hints would be great.
Stuart
the thing is that at the moment CA supports only user based groups, so you won't be able to target separate policies based on device type.
I was told that it's something in plan, but no ETA.
- Alexander VanyurikhinIron Contributor
the thing is that at the moment CA supports only user based groups, so you won't be able to target separate policies based on device type.
I was told that it's something in plan, but no ETA.
- enspireditaa_01Copper Contributor
I have the same need to allow same user to have both corp & BYOD devices with separate policies for each. Am looking for this in 365 business
- apadmakumarCopper Contributor
You should be able to do this by using Dynamic Device Groups and using a rule like (device.deviceOwnership -eq "Company") for your Corporate devices. In general, the more restrictive policy will take precedence.