Support Tip: How to enable Intune app protection policies (APP) with Microsoft Lists

I added the com.microsoft.splists bundle ID to my App Protection Policy (for iOS) last night, right after reading this. As of this morning, ~12 hours later, it's still not working. 

For me, the Lists app just prompts for username. I provide my UPN, and immediately it switches over to the Microsoft Authenticator app... this is the one that tells me this isn't allowed here. 

Is it possible that the Authenticator app Bundle ID needs to be added too? Or some other reason why this is happening? 

I also checked App \ Monitor at endpoint.microsoft.com and see that the bundle ID is in there, but hasn't checked in.  While not shown in the screenshot, I do have 4-5 other trusted Microsoft apps that have all checked in/synced since this, within the last 30 minutes even, but still the Lists app not so much. Is there a way to force this APP Sync process or these apps? I reinstalled Lists and that didn't help. 

I'm game for anything, please let me know where else I should look or what I should try. 

After this I checked in at Azure AD and reviewed my sign-in logs, specific to Conditional Access - we have a policy that applies to all O365 apps (AAD "enterprise apps") such as sharepoint online, exchange online, and all related services including Lists and Planner etc.  This policy, for mobile OSes, requires Microsoft trusted apps. 

The grant controls are configured for this CA policy to require approved client apps https://aka.ms/supportedmamapps  -OR- require app protection policies https://aka.ms/supportedmampolicyapps