BYOD approaches - AlexFilipin/ConditionalAccess GitHub Wiki

On a high-level overview you can have the following approaches for access to company data from personal devices:

1. Access with username and password
2. Access with strong authentication (MFA or Passwordless)
3. Access with strong authentication and data loss prevention controls (Session controls, app protection policies)
4. Access via virtual desktop infrastructure that requires strong authentication and prevents data loss
5. Possibility to bring personal devices into management and hence achieve a compliant status
6. Access only with corporate devices

You could have different approaches based on context (e.g. app- or data classification).