Device ownership a condition of conditional access
The potential to place a device into a quarantine before permission is granted to access any corporate resource. Many of my customers wish to use Intune and have a mobility strategy but wish to restrict access to corporate devices only.
Perhaps one way to achieve this is to make it a condition for conditional access scenarios that the device is 'corporate', which could be extended to Azure AD conditional access too. This may give the opportunity to have different access policies depending on the application or service being granted access to.
Martin Kupka commented
We need this together with the option to select the same on app assignment. I don't understand how it is possible that this option is missing - we can't target apps based on ownership (we use user targeting) and then we can't make sure these are accessible via CA. This completely prevents our organization from having users with both corporate and BYOD devices at the same time.
I am really hoping that they implement a feature to distinguish corporate-owned devices and personal devices. We can't cut it with compliant device or hybrid joined. We need to either set security on device group and/or have the ability to distinguish corporate devices (for users that work on corporate and personal devices).
Any update on solutions to quarantine newly signed-in devices?
For a cloud only environment this is essential to prevent personal devices accessing company resources where device compliance of company devices is not so important.
It could work just like the require Hybrid-Joined Device control but for Azure AD Joined devices only.
Alternatively you could allow CA policies to apply to device groups and blocking personal devices could be achieved through deploying a CA policy to a dynamic device group containing only personal devices. This would ensure that company devices of cloud only environments can always access the necessary resources.