If you're not using an MDM, you'd have to leverage SHLs or Guest Device
Repository with MAC address to identify them. Just keep in mind, MAC address
can be spoofed, so you'll want to use the profile conflict detection
mechanisms with this.
One other alternative is to issue certificates to the corporate devices via
Onboard or an external CA.