Help, hive mind! We're moving to M365 from Google, and when setting up our tenant with unified labelling it seems to be stopping us signing in to Teams on volunteers' personal devices (registered with Endpoint Manager but not MDM or MAM licensed), as it comes up with an error that the device isn't compliant with policy.
The SharePoint admin setting for access from unmanaged devices is confirmed off, and the labelling policy doesn't require protected content to be accessed from managed devices only. Can access Teams via browser on the device; it's just blocking signing in to OneDrive locally. The work account for the org is registered in the 'work accounts' section, and the device has an ID showing against the user in Endpoint Manager with compliance n/a, as it's not a managed device.
What am I missing here? We have a small group of senior users with AIP rather than the whole org, but we'd like to keep this capability for them whilst providing convenient access for the bulk of our volunteers if possible.