cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
SOLVED

BYOD / Corp Conditional Access Question

Stuart King
Iron Contributor

‎Nov 14 2018 02:57 AM

‎Nov 14 2018 02:57 AM

BYOD / Corp Conditional Access Question

Hi All

 

Tricky scenario here and I will try my best to explain.

 

Conditional Access Policy for BYOD / Personal devices = Require approved app

Conditional Access Policy for Corp devices = Require approved app AND Require compliance

 

If both are assigned to the same group:

  • Which one takes effect?
  • How to separately assign to Corp and BYOD Conditional Access Policies (dynamic groups? / Excludes etc)

Ideally we would like a separate CA policy for BYOD and Corp where users are in the same group and may have a Corp AND Personal device.

 

Any help or hints would be great.

 

Stuart

2,773 Views
1 Like
4 Replies
Reply
4 Replies
apadmakumar

‎Nov 20 2018 01:03 PM

‎Nov 20 2018 01:03 PM

Re: BYOD / Corp Conditional Access Question

You should be able to do this by using Dynamic Device Groups and using a rule like (device.deviceOwnership -eq "Company") for your Corporate devices. In general, the more restrictive policy will take precedence.

0 Likes
Reply
best response confirmed by Stuart King (Iron Contributor)
Alexander Vanyurikhin

‎Nov 22 2018 04:03 AM

‎Nov 22 2018 04:03 AM

Solution

Re: BYOD / Corp Conditional Access Question

the thing is that at the moment CA supports only user based groups, so you won't be able to target separate policies based on device type.

I was told that it's something in plan, but no ETA.

1 Like
Reply
enspireditaa_01

‎Feb 26 2019 10:01 AM - edited ‎Feb 26 2019 10:02 AM

‎Feb 26 2019 10:01 AM - edited ‎Feb 26 2019 10:02 AM

Re: BYOD / Corp Conditional Access Question

I have the same need to allow same user to have both corp & BYOD devices with separate policies for each.    Am looking for this in 365 business

 

 

0 Likes
Reply
JS

‎Jun 17 2019 12:59 PM

‎Jun 17 2019 12:59 PM

Re: BYOD / Corp Conditional Access Question

@Stuart King Same need here. Hope there is a solution provided for this at some point.

0 Likes
Reply
1 best response

Accepted Solutions
best response confirmed by Stuart King (Iron Contributor)
Alexander Vanyurikhin

‎Nov 22 2018 04:03 AM

‎Nov 22 2018 04:03 AM

Solution

Re: BYOD / Corp Conditional Access Question

the thing is that at the moment CA supports only user based groups, so you won't be able to target separate policies based on device type.

I was told that it's something in plan, but no ETA.

View solution in original post

1 Like
Reply