You have the option to choose whether claims of the given claim type can be issued for user or computer object class, or both. With the option to issue claims for the user object class, the claim type causes domain controllers to issue user claims based on the attribute of the authenticating user. With the option to issue claims for the computer object class, the claim type causes domain controllers to issue device claims based the attribute of the authenticating user’s computer. You can configure a claim type to issue both user and device claims. When you create a conditional expression for an access rule, and choose the claim type to evaluate, the condition builder allows you to distinguish between user and device claims of the same claim type.