We would like to apply a compliance policy to all users in the org. In our company, each user has their own device. Users do not share devices. In this case, we've been advised that it is best practice to deploy compliance policies only to users and not to devices. We have different security requirements for BYOD devices vs company devices.
Given that we have been advised to deploy compliance policies only to users, what guidance do you have for maintaining separate compliance policies for users' BYOD devices and users' company devices?


