This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(121.6, 39%, 21%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EBB%3C/text%3E%3C/svg%3E)
We wish to apply an MDCA policy to non corporate (BYOD) devices that will block the ability to use locally installed O365 apps and to access via browser only. We also wish to block file downloads from the O365 apps in scope to the local machine on the BYOD devices. These apps are accessed using Entra ID accounts. Access to these apps on corporate devices is to remain as is and NOT have the policy applied. What is the best method to identify corporate devices (Windows and MACs) so that we can apply the MDCA policy to those devices NOT identified as a corporate? Thanks
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(54.400000000000006, 90%, 15%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EPM%3C/text%3E%3C/svg%3E)
Hello @Bob Builder ,
Thank you for your question.
To achieve this, you use Intune to mark the cooperate devices are compliant the use Conditional to block non-compliant devices. Kindly look at this doc: https://learn.microsoft.com/en-us/defender-cloud-apps/use-case-proxy-block-session-aad
Hello @Bob Builder ,
Thank you for your question. To achieve this, you can use Intune to make the corporate devices compliant then use Conditional to block non-compliant devices. Kindly look at this doc: https://learn.microsoft.com/en-us/defender-cloud-apps/use-case-proxy-block-session-aad