I want to configure Windows Information Protection for our BYOD users. I created a App Protection Policy with WIP configured without enrollment . This seems to be working fine. The question is, how can we be sure all Windows devices are enforced to use WIP? What kind of Conditional Access Policy do I use?