Conditional Access based on device enrollment
Extend Conditional access to look at Device enrolment status or if the device is classed as a corporate device.
Reason being, If we had devices that are not compliant, you cannot do a conditional access rule to block them as this will then require all devices that user is using to be marked as compliant, but what if they wish to use their personal device with MAM only ? You can only make the device compliant by enrolling it.
Would be great if with CA we can target managed, but not compliant devices and block them from accessing O365.
I 'm looking for similar feature in the Conditional Access where I can target Windows Devices that are classified as Personal devices. The idea is that if the users logs in using a Personal Devices, I will be able to pass a Session Control to the App Enforced Restriction or Conditional Access App Control