This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(128, 8%, 22%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EA%3C/text%3E%3C/svg%3E)
Simple question, when setting up device configuration profiles, is it good practise to differentiate between Corporate and BYOD devices at the assignment stage?
Reason I ask, if I have a BYOD AAD registered device on Home Windows 10, I don’t want it to be picking up Bitlocker configuration policies, or Compliance/Conditional Access Policies on the same theme, as I would for BYOD AAD Registered/Joined devices Windows 10 Pro.
@Anonymous Thanks for posting in our Q&A.
Of course. If you don't want some devices apply some policies, please don't add these devices in these policies' assignment. Create a device group for home windows devices and create another device group for windows 10 pro devices.
However, it is needed to apply Conditional Access Policies to users, not devices. So, the target user signing in the home windows device will still be limited by the conditional access policy.
If the answer is the right solution, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
@Anonymous Is there any other assistance that we can provide? If you have any questions or concerns on the recent information I've provided you, please don't hesitate to let me know.
@Lu Dai-MSFT-0289
Couple of things:
@Anonymous Thanks for your update.
1.If you want to filter Corporate devices and BYOD devices, it is suggested to create a rule in the dynamic device group. It will automatically filter devices based on the rules.
https://learn.microsoft.com/en-us/azure/active-directory/enterprise-users/groups-dynamic-membership#rules-for-devices
2.Yes. What you want is based on device assignment (Corporate or BYOD). However, Conditional Access is applied to user assignment.
@Lu Dai-MSFT
Firstly, hope you had a merry Xmas and a happy new year.
Many thanks for the clarification, Intune is a great product, but not easy to understand sometimes, due to it’s granularity (many moving parts).
@Anonymous You're welcome. It's great to hear that you like our product. If you have any problem in the future, welcome to post in our Q&A.
Happy new year and have nice days. : )