You can use machine authentication on the laptop side, which will only allow devices on if they authenticate with their machine account to the domain.
For mobile devices, you still need an authoritative source of what is corporate owned and what is not. Are you moving to another MDM?