The screenshot is from a Device Compliance Policy for Windows, but it would be similar for Android or Apple as devices as well.
The compliance rules do not change any settings on machines, neither hybrid nor native joined. Conditional Access will use the policy to test if the machine meets the defined System Security requirements which have been turned on. For example, if you require 6-digit PIN and Block Simple Passwords.
If Conditional Access determines the device doesn't meet the security requirements, it'll be blocked from accessing Office 365, or whatever services you define in the Conditional Access Rule. The device will need to be remediated before it can regain access.
Device Configuration Policies work hand-in-glove with the Device Configuration Profiles in Intune because these are what actually make the settings changes. So, you'd want to define matching policies in both places, to get the device compliant.
Please like or mark this thread as answered if it's helpful, thanks!