Allow the possibility to assign Dynamics Device Groups to Conditional Access policies
I'd like to enforce enrollment for Corporate devices but not for Personal devices, for the same user account. So I can create Dynamics Device Groups, but if I assign these groups to Conditional Access policies, it doesn't work.
Not the same use case but the same need. We want to restrict access to applications only from devices that are members of a specific group.
This would also make sense to implement Security Best Practices, https://docs.microsoft.com/en-us/security/compass/privileged-access-deployment#conditional-access-only-allowing-secured-workstation-ability-to-access-azure-portal
I would want to limit administrative access to devices in specific device groups, so not just an Intune compliant device, it should be the one I assign the relevant compliance rules to. So I would expect to not only assign a user group as today to the CA Policy, I would like to optionally add a condition to include or exclude a Device group.
A Microsoft engineer confirmed to us that device dynamic groups can be used in conditional access policies.
Please improve it because it could be very useful.
I agree, I have a business requirement that requires this functionality.
Maya Antony commented
This is needed for us also - "assign Dynamics Device Groups to Conditional Access policies".
Need to enforce enrolment for only corporate devices which are assigned to a Dynamic Device group via DEP.
Need to create a CA rule which forces users to enroll the devices. This CA rule needs to be assigned to ONLY corporate devices.
Please prioritize this and implement.
Agreed. At the moment you can only apply a policy to All devices; or Compliant devices.
Kris Titeca commented
Same problem here. Management wants a distinction between corporate and private devices, something I can't translate into a conditional access rule today.