It's now possible to exclude a specific device type (mobile or desktop devices) from device verification. You can find this setting in the application policy.
This might be useful when you want to slowly onboard your devices or want to add XFA for a limited usecase to cover a blind spot.
To scope your policies to specific (groups of) users, you can now use an email whitelist to specify email or domain for users that should be included. Useful during during your first onboarding when you want to try out XFA with a small set of people!
Note: leaving the field empty will apply the policy to all users (which is the default).