One possible workaround could be to use Network Access Control (NAC) solutions that can perform device posture checks and enforce policies based on the device's compliance status. For example, you can configure NAC to check the Remote Desktop Client version and deny access if it does not meet a specific requirement.

Another option is to use Remote Desktop Gateway (RD Gateway) to control access to the Virtual Desktop environment. RD Gateway can be configured to require specific Remote Desktop Client versions or higher to connect to the environment. This approach can help to enforce minimum client version requirements and prevent access from unsupported or outdated clients.

Overall, while there may not be a direct option for restricting specific device platform versions in Azure AD DS, there are alternative solutions such as NAC or RD Gateway that can be used to enforce similar policies.

You can use Conditional Access to accomplish this, if you are looking at say specific OS versions. Set your Conditional Access policy so that it restricts the login to Compliant Devices only, and then setup your Compliance Policies to check for what OS versions would be permitted. Devices with a non-permitted OS will have the device marked Not Complaint and the user won't be able to access the service because Conditional Access will block them unless they are using a Compliant device.

@Redsman13 

See if this post can provide you some insight:

 

Blocking BYOD based on unsupported OS versions (allthingscloud.blog)