Defeating Adversary-in-the-Middle phishing attacks
If your policy says that Entra ID will only issue tokens to users requesting them from managed and compliant devices, then the only way the attacker can request a token on the user’s behalf is to set up a phishing site on a compliant device that you manage, keep the device turned on all the time, evade endpoint protection, use the issued token within refresh windows dictated by policy, and not trigger risk thresholds that would result in automatic revocation of the token.
This overstates the strength of requiring a managed/compliant device, since an adversary can circumvent it by authenticating with a specific client ID. I'm not sure if it is possible to abuse this with widely available phishing kits, but it's certainly feasible for the phishing site to join a new device (without having one already) and then use that device from there. If the user account can edit Conditional Access policies, the adversary could also create an account and an exception to the device requirement.
Here's the source on the claim above: https://labs.jumpsec.com/tokensmith-bypassing-intune-compliant-device-conditional-access/
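The thread above turns on how a "require compliant device" Conditional Access policy can fail to bind: the policy is not enforced, has user or group exclusions an attacker-controlled account could be added to, or does not cover every app. The following audit script is an added example, not code from the blog post, the commenter, or the linked JUMPSEC write-up. It runs offline against a JSON export shaped like the Microsoft Graph `conditionalAccessPolicy` resource (`GET /identity/conditionalAccess/policies`); the field names used (`state`, `conditions.users.*`, `conditions.applications.*`, `grantControls.builtInControls`) follow that schema, and both sample exports are constructed for illustration, with a weak policy beside its corrected form.

```python
"""Audit exported Entra ID Conditional Access policies for gaps in a
'require compliant device' control.

Added example; not code from the post or comment above. Works offline on a
JSON export shaped like the Microsoft Graph conditionalAccessPolicy resource.
The sample policies and the group id inside them are constructed.
"""
import json

# Grant controls that make the token depend on a device state.
DEVICE_CONTROLS = {"compliantDevice", "domainJoinedDevice"}

# Constructed export: one device policy left in report-only mode with a group
# exclusion, and one unrelated MFA policy.
SAMPLE_EXPORT = json.dumps({"value": [
    {
        "displayName": "Require compliant device - all apps",
        "state": "enabledForReportingButNotEnforced",
        "conditions": {
            "users": {"includeUsers": ["All"], "excludeUsers": [],
                      "excludeGroups": ["00000000-0000-0000-0000-00000000beef"],
                      "excludeRoles": []},
            "applications": {"includeApplications": ["All"],
                             "excludeApplications": []},
        },
        "grantControls": {"operator": "OR", "builtInControls": ["compliantDevice"]},
    },
    {
        "displayName": "Require MFA",
        "state": "enabled",
        "conditions": {
            "users": {"includeUsers": ["All"], "excludeUsers": [],
                      "excludeGroups": [], "excludeRoles": []},
            "applications": {"includeApplications": ["All"],
                             "excludeApplications": []},
        },
        "grantControls": {"operator": "OR", "builtInControls": ["mfa"]},
    },
]})

# Corrected form of the same export: the device policy is enforced and the
# group exclusion is removed.
_hardened = json.loads(SAMPLE_EXPORT)
_hardened["value"][0]["state"] = "enabled"
_hardened["value"][0]["conditions"]["users"]["excludeGroups"] = []
HARDENED_EXPORT = json.dumps(_hardened)


def audit_device_policies(export_json):
    """Return one finding per policy carrying a device-based grant control.

    Each finding lists the reasons the control may not bind as intended:
    not enforced, user/group/role exclusions, app exclusions or a non-'All'
    scope, and an OR operator that lets a different control satisfy the grant.
    """
    findings = []
    for pol in json.loads(export_json).get("value", []):
        grant = pol.get("grantControls") or {}
        controls = set(grant.get("builtInControls") or [])
        if not controls & DEVICE_CONTROLS:
            continue  # not a device policy; nothing to audit here
        cond = pol.get("conditions", {})
        users = cond.get("users", {})
        apps = cond.get("applications", {})
        reasons = []
        if pol.get("state") != "enabled":
            reasons.append(f"state is {pol.get('state')!r}, not enforced")
        excluded = ((users.get("excludeUsers") or [])
                    + (users.get("excludeGroups") or [])
                    + (users.get("excludeRoles") or []))
        if excluded:
            reasons.append(f"{len(excluded)} user/group/role exclusion(s)")
        if users.get("includeUsers") != ["All"]:
            reasons.append("not scoped to all users")
        if apps.get("includeApplications") != ["All"]:
            reasons.append("not scoped to all cloud apps")
        if apps.get("excludeApplications"):
            reasons.append(f"{len(apps['excludeApplications'])} app exclusion(s)")
        if grant.get("operator") == "OR" and len(controls) > 1:
            reasons.append("OR operator: another control can satisfy the grant "
                           "without a compliant device")
        findings.append({"policy": pol.get("displayName"),
                         "controls": sorted(controls), "reasons": reasons})
    return findings


def has_enforced_device_requirement(export_json):
    """True only if at least one device policy has no weakening reason."""
    return any(not f["reasons"] for f in audit_device_policies(export_json))


if __name__ == "__main__":
    for label, export in (("weak", SAMPLE_EXPORT), ("hardened", HARDENED_EXPORT)):
        print(label, has_enforced_device_requirement(export),
              json.dumps(audit_device_policies(export), indent=2))
```

Run against a real export, the script flags exactly the conditions the comment describes as circumventable: a break-glass or service-account exclusion that an adversary with policy-edit rights could widen, and a policy that looks present but is only reporting.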