We have number of devices in our AD azure. We are migrating into hybrid Azure approach. For now we migrated about 20% of devices that are hybrid joined now. Rest of them are Azure AD registed.
My machine is one of the machines that is already hybrid registered. I have set up a test policy in Conditional access accordingly:
-> Users and groups - only my user
-> Cloud apps -> o365
- > Condition -> Device state -> All device state and exclude Device marked as compliment, Device Hybrid Azure Joined -> Session -> Use Conditional access app control (blocks downloads (preview) -* rest of settings are left as not configured
Now the policy works and blocks downloads but it also block downloads from my company device (the one that is hybrid joined)