@Sonam Kandoi Thanks for posting in our Q&A.
For this issue, if there is an Azure AD user signing in the device, it is suggested to deploy the compliance policy to a user group.
If there is no user signing in the device, it is suggested to deploy the compliance policy to a device group.
For more details, please refer the the "Tip" and "Note" in the following article:
Hope it will help.
If the answer is the right solution, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
@Sonam Kandoi You're welcome. If you have any problem in the future, welcome to post in our Q&A.
Thanks and have a nice day. : )