BCSecA
Copper Contributor
Sep 13, 2023
Solved

How to use AD Log On To restriction but allow Azure AD Pass-Through Authentication

As the title says, I am attempting to utilize the "Log On To..." setting in on-premises AD but still allow users to log onto Azure AD authenticated resources such as Office 365.

The test accounts can log into only the specified workstation when the setting is enabled, which is the expected outcome, but when this is enabled and the user attempts to log into anything that authenticates via Azure AD, the authentication fails with "Pass-through Authentication" Succeeded: "False".

This totally makes sense, but I am required to lock down user account(s) to specific computers and still allow Azure AD Authentication for these same users.

Is this even possible without going through group policy, which gets messy when you only want certain user accounts on certain machines?


1 Reply

  • Spindle8551
    Copper Contributor
    Hi. Yes, you should be able to if you put the server names where the Pass-through agents are installed. Hope that helps.
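One way to apply the accepted answer to several accounts, as an added example that is not part of the original thread: it appends the Pass-through Authentication agent servers to each user's existing "Log On To" list with the ActiveDirectory module. The server names `PTA01`/`PTA02`, the account `jdoe` and the helper `Merge-LogonWorkstations` are assumptions for illustration.

```powershell
# Added example. PTA01/PTA02 and jdoe are hypothetical names; replace with your own.
Import-Module ActiveDirectory

function Merge-LogonWorkstations {
    param(
        [string]$Current,          # existing comma-separated LogonWorkstations value
        [string[]]$AgentServers    # computer names of the servers running the PTA agent
    )
    # An empty value means the account may log on anywhere. Writing only the
    # agent servers would lock the user out of every workstation, so signal "skip".
    if ([string]::IsNullOrWhiteSpace($Current)) { return $null }

    $names = @($Current -split ',' | ForEach-Object { $_.Trim() } | Where-Object { $_ })
    foreach ($server in $AgentServers) {
        # -notcontains compares case-insensitively, so PTA01 and pta01 are not duplicated
        if ($names -notcontains $server) { $names += $server }
    }
    return ($names -join ',')
}

$agentServers = @('PTA01', 'PTA02')   # hypothetical PTA agent servers
$users        = @('jdoe')             # hypothetical restricted accounts

foreach ($sam in $users) {
    $user   = Get-ADUser -Identity $sam -Properties LogonWorkstations
    $merged = Merge-LogonWorkstations -Current $user.LogonWorkstations -AgentServers $agentServers

    if ($null -eq $merged) {
        Write-Warning "$sam has no Log On To restriction; skipping."
        continue
    }
    if ($merged -eq $user.LogonWorkstations) { continue }   # agents already listed

    # -WhatIf previews the change; remove it to write the new list.
    Set-ADUser -Identity $sam -LogonWorkstations $merged -WhatIf
}
```

Include every server that runs an agent, since any of them may handle the sign-in request.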
