I was tasked to find ways (if any) to have external users NOT be affected with existing conditional accesses in the company WITHOUT modifying said existing policies.
We have 1 policy that prevents any user from accessing the company's tenant content if they do not belong to a security group in azure. This policy was made for employees only. However because it's targeting "All users", this affects external user who have no need of belonging to a security group since they don't have licenses to manage the company's O365 tenant.
There's another policy that forces employees to access company tenant content only thru compliant devices. This means that if I tried to access the company from non managed device, then I won't have access. This also affects "All users", including external users.
I was told that I should avoid touching these existing conditional access policies, so I'm trying to look for a way (if any) of excluding external users from being affected with these 2 policies.
Is this possible? From what I understand, I can click on an option that says "All guests and external users" under the Exclusion section of a Conditional Access, but not sure if this is right way to do it or that there is no other way except doing it this way.