Hello,
I have an Azure-only environment. How do I set up a conditional access policy that requires devices to be Intune enrolled in order to access company resources? I found recommendations to do it online by requiring devices to be Hybrid AD Enrolled and requiring devices to be marked compliant. However, this won't work because my environment isn't a Hybrid. Additionally, I don't want the device to be blocked simply because it is non-compliant. Is there a way to create a conditional access policy that specifically checks if the device is enrolled into Intune or not?