Dec 01 2019 01:51 PM
Hi All
Trying to get my head around something:
What do you guys use in such scenarios?
Info appreciared
Dec 02 2019 12:17 AM
Dec 03 2019 02:52 PM - edited Dec 03 2019 02:53 PM
Hey many thanks for the excellent and informative response.
Yeah, leaving aside the enrollment for now, that will stay Personal.
However, some devices may enroll, some just wanna access corp email.
There is tremendous help on these 2 guides:
https://docs.microsoft.com/en-us/intune/protect/tutorial-protect-email-on-unmanaged-devices
https://docs.microsoft.com/en-us/intune/protect/tutorial-protect-email-on-enrolled-devices
However BOTH require the creation of a Conditional Access policy.
Managed devices grant with Require device to be compliant / Require approved app
Unmanaged devices Require approved app / additional MFA if required
Surely these 2 Conditional Access policies will conflict and require enrollment?
My question is, what if you have users with multiple devices, one enrolled and one not?
Make sense?