We have a CA policy for session control applied for SharePoint. This applies just fine for all file types within Teams.
When we add a OneNote tab within TAB on an AzureAD Hyrbid joined machine we get a banner "Your Orgnization doesn't allow you to download, print or sync using this device. To use these actions, use a device that's joined to a domain. For help,Contact your IT Department"
If we open the same OneNote file from sharepoint we do not get the error from the same device. It is able to understand that we are opening it from a managed device.
However this happens from within Teams, both from browser based teams or Teams application. This looks like a bug with Teams integration with OneNote.
I have also started getting this same warning and do not have an explanation. I can access the onenote from Groups and from SPOnline without issue. Within Teams, I can open the oneNote document in OneNote without issue.