BYOD Access restriction without Autopilot


How do you control BYOD Windows 10 devices?
■ Access to corporate resources
・ On-premises domain participation: 〇
・ For workgroups: ?
・ BYOD: They don’t want to access

To my knowledge, Conditional Access can only determine whether the device is an Autopilot device or not.
I would like to know, for reference, how everyone controls this, because I receive many such inquiries in the COVID situation.

Answers ( 3 )


    Azure AD Registered devices are treated as BYOD

    Hybrid Azure AD Joined (Domain Join + Azure AD Registered) and Azure AD joined are treated as CYOD

    More details

    Best answer

    Thanks Anoop,
    I already recognized this section.
    But this is not perfect, I think.
    Because Intune recognizes whether the device is BYOD only by whether it is an Autopilot enrollment or not
    (also domain joined).
    So, Intune can't recognize whether enrolled devices are BYOD or work PCs.
    Is my understanding wrong?

    My understanding is that a Windows PC doesn't have a unique identity like a serial number or IMEI.
    So Autopilot is used to recognize whether it is BYOD or not.

    For example, if I take my workgroup company PC home and try to access company resources, I don’t think there is a way to distinguish it from my personal PC at home.


    This is the way to restrict BYOD Windows 10 Devices

    1. Sign in to the Microsoft Endpoint Manager admin center > Devices > Enrollment restrictions > Create restriction > Device type restriction.

    2. On the Basics page, give the restriction a Name and optional Description.

    3. Choose Next to go to the Platform settings page.

    4. Under Platform, choose Allow for the platforms that you want this restriction to allow.

    More Details
