Intune App Protection Policy - assign using Azure AD dynamic device groups
App Protection policies should have the options of using Azure AD dynamic device groups, instead of currently only user based groups.
This feature will allow for different App protection policies for Corp and Personal devices - specifically "Require Pin for Access", which we want to enable for BYOD devices and not for Corp devices - even if the same users uses different devices. Generally Azure AD dynamic device groups should be enabled for use in all of Intune.
I'd really like to see this feature for the same reason as others have stated - I want to assign different App Protection policies to the same user based on whether they are on a locked-down corporate device or their own device.
Scott Arndt commented
We'd also like to see the ability to assign to mail distributrion gruoops
Vinayak Bhagwat commented
Please allow administrator to deploy MAM policies on Device Group since we need to differentiate Corporate MAM policy and BYOD policy. Without deploying MAM policy on devices group could not be differentiate CORP and BYOD policy on respective devices.
Highly recommending you to change the design according to our requirement.