In a conditional access to to exclude android from O365 services. Is it necessary create separate conditional access policy (include) the device allowed for O365 services?
When organizations both include and exclude a user or group the user or group is excluded from the policy, as an exclude action overrides an include in policy. Exclusions are commonly used for emergency access or break-glass accounts.