It's now possible to exclude a specific device type (mobile or desktop devices) from device verification. You can find this setting in the application policy.
This might be useful when you want to slowly onboard your devices or want to add XFA for a limited usecase to cover a blind spot.