11-26-2018 03:27 AM
Howdy,
I haven't done an ISE deployment in a very long time, and thinking about it now, I have gotten myself stuck in a thought loop.
When minimizing SSIDs, so a single SSID for all users except guests to connect to, how, or even why, is there a differentiation between BYOD and a corporate-owned device?
I have had a look, but cannot see a clear way that these are being distinguished. AD comes to mind, although so far all I can see is doing MAR, which seems frowned upon for some of its issues. How else is AD checked?
If certificates are rolled out, what would be the difference between a BYOD-provisioned device using certs and a corporate machine using certs? It's the same authentication.
Do we care that it's not a corporate device? If so, can we not just ensure posture anyway?
Any thoughts or guidelines would be welcome
11-26-2018 05:18 AM
Telling the difference is all in how you put the certificates on the device. The most common use case is mobile devices using MDMs. When the corporate mobile devices are registered, they can be pushed a cert using a template that puts OU=Corporate into the certificate. When a BYOD device registers, a template that puts OU=BYOD is used. In ISE you can check the OU to determine what the device is and give it the correct access.
Another scenario: let's say you want a single SSID where corporate devices get internal access and BYOD devices get Internet access only. I always push hard against BYOD devices getting direct internal access of any kind. In this case you could have the corporate devices do cert-based authentication and the BYOD devices do PEAP authentication. The PEAP sessions get Internet access only.
11-26-2018 04:09 AM
Real BYOD in my opinion involves onboarding any non-corporate device with a certificate. And this is where ISE can help you, but this of course requires additional licensing (Plus). It's not the only method - you might want to look at an MDM solution as well, because these can also onboard devices and provide a better BYOD experience than ISE (e.g. seamless cert renewal, and application management on the device). Then you can use ISE as a RADIUS server and perform 802.1X.
The difference between BYOD and Corp is probably debatable, but in my opinion it comes down to whether the device is trusted or not. In theory the corp device was built by corp IT, with all the best intentions in the world to secure the device with anti-malware, etc. It's now "trusted" to be OK on the network. BYOD is not trusted because you have no idea what stuff is running on those devices. For starters, you can put BYOD and Corp devices on separate VLANs and then use ACLs to restrict access. Or, if you have the stomach for it, enforce some posture on BYOD. I don't have any experience with this, and I shudder to think how the end user feels about having this software on their BYO device. Excuse my ignorance on the subject.
Whether or not you do cert-based auth for Corp/BYOD, you can do all sorts of stuff with AD. You can look up the username from the cert's Subject field and check in AD/LDAP whether the user account is active or not, or whether the account is a member of an AD group or not. E.g. you might want to allow only a subset of your AD users to perform EAP-PEAP authentication. These privileged users can then bring their own devices into the office and use their AD creds to access the network (and be placed in a separate VLAN).
You can analyse many attributes of a certificate to decide whether it's a Corp or a BYOD cert (e.g. the cert Issuer is often used for that purpose).
There have been many posts written about this - or even books etc. The latest book from Aaron Woland is probably a good one to read.
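The two answers above describe the same authorization policy from different angles: the accepted answer keys on the certificate OU and on EAP-TLS versus PEAP, and this answer adds issuer checks and AD account/group lookups. The model below is an added example, not code from either poster and not ISE's own engine. It mimics an ISE policy set (ordered rules, first match wins, a default deny) over session attributes whose keys are written to resemble ISE dictionary names but are assumptions, as are the CA DNs, the AD group name and the authorization profile names. The sample sessions are constructed. The point it makes that the thread only implies: an OU check must be paired with an issuer check, because a cert from the BYOD CA carrying OU=Corporate would otherwise land on the internal network.

```python
"""Illustrative model of an ISE-style authorization policy that separates
corporate and BYOD sessions on one SSID.  Added example, not ISE code: the
attribute keys mimic ISE dictionary names but are assumptions, as are the CA
DNs, AD group and profile names.  Sessions at the bottom are constructed."""
from dataclasses import dataclass
from typing import Callable, Dict, List, Tuple

Session = Dict[str, object]          # attributes ISE holds for one session

# Assumed values; substitute your own CA DNs, AD group and profiles.
CORP_CA = "CN=Corp Issuing CA,O=Example Corp"
BYOD_CA = "CN=BYOD Issuing CA,O=Example Corp"
BYOD_AD_GROUP = "BYOD-Allowed"
DEFAULT_PROFILE = "DenyAccess"


@dataclass
class Rule:
    name: str
    condition: Callable[[Session], bool]
    profile: str                      # authorization profile (VLAN/dACL) on match


def all_of(*conds: Callable[[Session], bool]) -> Callable[[Session], bool]:
    return lambda s: all(c(s) for c in conds)


def wireless_dot1x(s: Session) -> bool:
    return (s.get("Radius.NAS-Port-Type") == "Wireless - IEEE 802.11"
            and s.get("Network Access.AuthenticationMethod") == "dot1x")


def eap_tls(s: Session) -> bool:
    return s.get("Network Access.EapAuthentication") == "EAP-TLS"


def peap_mschapv2(s: Session) -> bool:
    return (s.get("Network Access.EapTunnel") == "PEAP"
            and s.get("Network Access.EapAuthentication") == "EAP-MSCHAPv2")


def cert_issuer_is(issuer_dn: str) -> Callable[[Session], bool]:
    # Pin the issuer: the OU is only trustworthy because the issuing CA's
    # template controls it, so never match on OU alone.
    return lambda s: s.get("CERTIFICATE.Issuer") == issuer_dn


def cert_ou_contains(value: str) -> Callable[[Session], bool]:
    return lambda s: value in s.get("CERTIFICATE.Subject - Organization Unit", [])


def ad_group_member(group: str) -> Callable[[Session], bool]:
    # PEAP sessions carry an AD identity, not a cert: authorize on account
    # state and group membership instead.
    return lambda s: (s.get("AD.Enabled") is True
                      and group in s.get("AD.ExternalGroups", []))


# Rules are evaluated top-down; first match wins, like an ISE policy set.
POLICY: List[Rule] = [
    Rule("Corp_Device_EAP-TLS",
         all_of(wireless_dot1x, eap_tls, cert_issuer_is(CORP_CA), cert_ou_contains("Corporate")),
         "Corp_Internal"),
    Rule("BYOD_Device_EAP-TLS",
         all_of(wireless_dot1x, eap_tls, cert_issuer_is(BYOD_CA), cert_ou_contains("BYOD")),
         "BYOD_Internet_Only"),
    Rule("BYOD_PEAP_AD_Creds",
         all_of(wireless_dot1x, peap_mschapv2, ad_group_member(BYOD_AD_GROUP)),
         "BYOD_Internet_Only"),
]


def authorize(session: Session, policy: List[Rule] = POLICY) -> Tuple[str, str]:
    """Return (matched rule name, authorization profile) for a session."""
    for rule in policy:
        if rule.condition(session):
            return rule.name, rule.profile
    return "Default", DEFAULT_PROFILE


_WIFI = {"Radius.NAS-Port-Type": "Wireless - IEEE 802.11",
         "Network Access.AuthenticationMethod": "dot1x"}

# Constructed sessions covering the cases discussed in the thread.
SAMPLE_SESSIONS: Dict[str, Session] = {
    "mdm_corp_laptop": {**_WIFI, "Network Access.EapAuthentication": "EAP-TLS",
                        "CERTIFICATE.Issuer": CORP_CA,
                        "CERTIFICATE.Subject - Organization Unit": ["Corporate"]},
    "mdm_byod_phone": {**_WIFI, "Network Access.EapAuthentication": "EAP-TLS",
                       "CERTIFICATE.Issuer": BYOD_CA,
                       "CERTIFICATE.Subject - Organization Unit": ["BYOD"]},
    # OU says Corporate but the BYOD CA issued it: must not get internal access.
    "spoofed_ou_byod_cert": {**_WIFI, "Network Access.EapAuthentication": "EAP-TLS",
                             "CERTIFICATE.Issuer": BYOD_CA,
                             "CERTIFICATE.Subject - Organization Unit": ["Corporate"]},
    "peap_allowed_user": {**_WIFI, "Network Access.EapTunnel": "PEAP",
                          "Network Access.EapAuthentication": "EAP-MSCHAPv2",
                          "AD.Enabled": True, "AD.ExternalGroups": ["Domain Users", BYOD_AD_GROUP]},
    "peap_disabled_account": {**_WIFI, "Network Access.EapTunnel": "PEAP",
                              "Network Access.EapAuthentication": "EAP-MSCHAPv2",
                              "AD.Enabled": False, "AD.ExternalGroups": [BYOD_AD_GROUP]},
}


def run_samples() -> Dict[str, str]:
    """Map each sample session to the profile the policy assigns it."""
    return {name: authorize(s)[1] for name, s in SAMPLE_SESSIONS.items()}


if __name__ == "__main__":
    for name, profile in run_samples().items():
        print(f"{name:24s} -> {profile}")
```

Rule order matters the same way it does in ISE: the corporate EAP-TLS rule sits first and requires both the corporate issuer and the OU, the BYOD rules follow, and anything that matches nothing (including the spoofed-OU cert and a disabled AD account over PEAP) falls to the default deny. In a real deployment the PEAP rule would also be the place to restrict which AD group may authenticate with credentials at all, as the second answer suggests.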