Tricky scenario here and I will try my best to explain.
Conditional Access Policy for BYOD / Personal devices = Require approved app
Conditional Access Policy for Corp devices = Require approved app AND Require compliance
If both are assigned to the same group:
Ideally we would like a separate CA policy for BYOD and Corp where users are in the same group and may have a Corp AND Personal device.
Any help or hints would be great.
View best response
You should be able to do this by using Dynamic Device Groups and using a rule like (device.deviceOwnership -eq "Company") for your Corporate devices. In general, the more restrictive policy will take precedence.
the thing is that at the moment CA supports only user based groups, so you won't be able to target separate policies based on device type.
I was told that it's something in plan, but no ETA.
I have the same need to allow same user to have both corp & BYOD devices with separate policies for each. Am looking for this in 365 business
@Stuart King Same need here. Hope there is a solution provided for this at some point.