We're about to go live with Microsoft Intune within our company, but I was wondering if there is a way to enforce device enrolment for users who have a company device?
I know that we can enforce enrolment into Intune for access to Office 365 services (Exchange Online etc.) using conditional access, but we only want to do this for corporate devices. We want to allow BYOD users to continue to be able to use the apps without enrolment (MAM).
We have preloaded all known corporate identifiers into Intune. Is there any way to create a dynamic group that would include all these devices that we could then apply a separate conditional access policy too?