Forum Discussion
BYOD devices can't launch Windows 365 PC because of device compliance check during CA policy check.
We have a device compliance policy for all cloud apps. We would like to allow personal (BYOD) devices to be able to connect to Windows 365 Cloud PC. In the sign-in logs we see the failures for application "Windows 365 Client", app id 4fb5cc57-dbbc-4cdc-9595-748adff5f414. We can't exclude that application in the conditional access policy as it's not available. We already added exclusions for Azure Virtual Desktop, Windows 365 and Windows Cloud Login.
How can we allow BYOD devices to connect to cloud PCs?
1 Reply
Yes, the exclusions you configured for Azure Virtual Desktop, Windows 365, and Windows Cloud Login are application-based. However, the Windows 365 sign-in flow uses multiple backend services, and the “Windows 365 Client” shown in the sign-in logs is not always directly targetable in Conditional Access. Because of this, app-based exclusions alone may not be enough in this scenario.
In this case, the better approach is to keep the global “Require compliant device” policy in place and manage Windows 365 access for BYOD users with a separate Conditional Access policy. For those users, you can use controls like MFA instead of requiring device compliance.
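
To see which policy and grant control produce the failures described in the question, and which resource each failing sign-in requested, an export of the sign-in logs can be summarized. This is an added example, not part of the original thread; it assumes records shaped like the Microsoft Graph `signIn` resource, and the sample records, policy names, resource names and control strings are constructed placeholders.

```python
from collections import Counter

W365_CLIENT_APP_ID = "4fb5cc57-dbbc-4cdc-9595-748adff5f414"  # app id quoted in the question

# Constructed placeholders (not real tenant data): policy name and control string.
COMPLIANCE = {"displayName": "PLACEHOLDER-require-compliant-device",
              "enforcedGrantControls": ["RequireCompliantDevice"]}
MFA = {"displayName": "PLACEHOLDER-require-mfa", "enforcedGrantControls": ["Mfa"]}

# Constructed sample records using field names from the Graph signIn resource.
SAMPLE_SIGNINS = [
    {"appId": W365_CLIENT_APP_ID, "resourceDisplayName": "PLACEHOLDER-RESOURCE-A",
     "deviceDetail": {"isCompliant": False},
     "appliedConditionalAccessPolicies": [dict(COMPLIANCE, result="failure"),
                                          dict(MFA, result="success")]},
    {"appId": W365_CLIENT_APP_ID, "resourceDisplayName": "PLACEHOLDER-RESOURCE-A",
     "deviceDetail": {"isCompliant": False},
     "appliedConditionalAccessPolicies": [dict(COMPLIANCE, result="failure")]},
    {"appId": W365_CLIENT_APP_ID, "resourceDisplayName": "PLACEHOLDER-RESOURCE-B",
     "deviceDetail": None,  # device details can be absent for unregistered devices
     "appliedConditionalAccessPolicies": [dict(COMPLIANCE, result="failure")]},
    {"appId": W365_CLIENT_APP_ID, "resourceDisplayName": "PLACEHOLDER-RESOURCE-A",
     "deviceDetail": {"isCompliant": True},
     "appliedConditionalAccessPolicies": [dict(COMPLIANCE, result="success")]},
    {"appId": "PLACEHOLDER-OTHER-APP-ID", "resourceDisplayName": "PLACEHOLDER-RESOURCE-C",
     "deviceDetail": {"isCompliant": False},
     "appliedConditionalAccessPolicies": [dict(COMPLIANCE, result="failure")]},
]

def blocking_policies(signins, app_id=W365_CLIENT_APP_ID):
    """Count failed policy evaluations for one client app, keyed by
    (policy name, enforced grant controls, requested resource, device compliant?)."""
    hits = Counter()
    for s in signins:
        if s.get("appId") != app_id:
            continue  # only the client app named in the question
        compliant = (s.get("deviceDetail") or {}).get("isCompliant")
        for p in s.get("appliedConditionalAccessPolicies") or []:
            if p.get("result") != "failure":
                continue  # skip success / notApplied / report-only results
            controls = tuple(sorted(p.get("enforcedGrantControls") or []))
            hits[(p.get("displayName"), controls,
                  s.get("resourceDisplayName"), compliant)] += 1
    return hits

if __name__ == "__main__":
    for (policy, controls, resource, compliant), n in blocking_policies(SAMPLE_SIGNINS).items():
        print(f"{n}x policy={policy} controls={list(controls)} "
              f"resource={resource} deviceCompliant={compliant}")
```

The resource column shows which services the failing sign-ins were requesting, which is the information needed when deciding how to scope a separate policy for BYOD users.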