Conditional Access - Block all M365 apps private Mobile Device

Hello,

Ive try to block all private mobile phone from accessing all apps from m365, but it wont work. Im testing it at the moment with one test.user@

I create a CA rule:

Cloud Apps

Include: All Cloud Apps
Exclude: Microsoft Intune Enrollment
Exclude: Microsoft Intune

Conditions
Device Platforms:
Include: Android
Include: iOS
Include: Windows Phone

Filter for Devices:
Devices matching the rule: Exclude filtered devices from Policy
device.deviceOwnership -eq "Company"

Client Apps
Include: All 4 points

Access Controls
Block Access

-----------------------

I take a fresh "private" installed mobile android phone. Download the Outlook App and log in with the test.user@ in the outlook app and everything work fine. What im doing wrong? Pls help.

Peter