Conditional Access Policy Loop with Edge on BYOD Devices – Need Help!

Body:

Hello Tech Community,

I’m facing an issue with an Azure AD Conditional Access Policy that seems to be causing a loop when users access Office 365 resources using Microsoft Edge on Windows 11 24H2 BYOD devices. Here’s the scenario:

Problem:

The policy is titled "Require App Protection Policy for Edge on Windows for All Users when Browser and Non-Compliant-v1.0" and continuously prompts users to switch profiles in Edge. These devices are BYOD and intentionally excluded from full Intune management (non-compliant by design). However, Edge repeatedly requests authentication or profile switching, creating a frustrating experience.

Policy Details:

• Applies to: Windows devices using browsers (primarily Edge).
• Excludes: Compliant devices or those with trustType = ServerAD.
• Includes: Office 365 applications.
• Excludes Groups: Certain groups that should bypass the policy.

What I’ve Tried:

• Verified device compliance status in Azure AD and Intune.
• Checked Azure AD Sign-In Logs for errors or repetitive authentications.
• Cleared Edge browser cache and cookies.
• Ensured Edge is configured to use Windows sign-in information.
• Adjusted the App Protection Policy settings for Edge.

Questions:

1. Could this be an issue with how Edge handles profile authentication in Conditional Access scenarios?
2. How can I ensure that BYOD devices remain excluded from full Intune management but still work seamlessly with this policy?
3. Are there specific adjustments I can make to the Conditional Access or App Protection Policy to avoid these loops?

Additional Context:

My goal is to secure access using App Protection Policies (MAM) for BYOD scenarios without requiring full device enrollment in Intune.

Any insights, suggestions, or similar experiences would be greatly appreciated!

Thank you in advance for your help!