BYOD / Corp Conditional Access Question

Stuart King · ‎Nov 14 2018

Hi All

Tricky scenario here and I will try my best to explain.

Conditional Access Policy for BYOD / Personal devices = Require approved app

Conditional Access Policy for Corp devices = Require approved app AND Require compliance

If both are assigned to the same group:

Which one takes effect?
How to separately assign to Corp and BYOD Conditional Access Policies (dynamic groups? / Excludes etc)

Ideally we would like a separate CA policy for BYOD and Corp where users are in the same group and may have a Corp AND Personal device.

Any help or hints would be great.

Stuart

apadmakumar · ‎Nov 20 2018

You should be able to do this by using Dynamic Device Groups and using a rule like (device.deviceOwnership -eq "Company") for your Corporate devices. In general, the more restrictive policy will take precedence.

Stuart King · ‎Nov 22 2018

the thing is that at the moment CA supports only user based groups, so you won't be able to target separate policies based on device type.

I was told that it's something in plan, but no ETA.

enspireditaa_01 · ‎Feb 26 2019

I have the same need to allow same user to have both corp & BYOD devices with separate policies for each. Am looking for this in 365 business

JS · ‎Jun 17 2019

@Stuart King Same need here. Hope there is a solution provided for this at some point.

BYOD / Corp Conditional Access Question

BYOD / Corp Conditional Access Question

Re: BYOD / Corp Conditional Access Question

Re: BYOD / Corp Conditional Access Question

Re: BYOD / Corp Conditional Access Question

Re: BYOD / Corp Conditional Access Question

Products (51)

Special Topics (28)

Video Hub (447)

Most Active Hubs

Most Active Hubs

Video Hub

BYOD / Corp Conditional Access Question

BYOD / Corp Conditional Access Question

Re: BYOD / Corp Conditional Access Question

Re: BYOD / Corp Conditional Access Question

Re: BYOD / Corp Conditional Access Question

Re: BYOD / Corp Conditional Access Question