I have been working on conditional access rules this week in my test environment.  I am planning on trying to sell to my senior leadership a plan to move off traditional MDM and towards an Intune/MAM conditional access setup.

Some of the things I really like about conditional access is the ability to control all of the different client access.  I can lock it down to could application type, or domain user etc:

The only real problem I’ve come across is trying to sell this. It is such a huge change, and really requires all or nothing type approach.  We will see what the new year brings.