That looks like it is setting something up for unmanaged or untrusted devices? These are compliant devices in InTune, we just want users to be able to download, open etc from OneDrive but not be able to upload personal files from the device *into* OneDrive?
I am not seeing how the session controls achieves this?
I'm unaware of a solution to what you need; most of the settings are concerned with users egressing data out of OneDrive rather than stopping data going into it.
A poor workaround (if you can call it that) is to set up a custom alert for any file uploaded to OneDrive outside of your corperate IP range so you are notified if someone does, but I can imagine this would get very unwieldy quickly if you have to do this for more than a handful of people.
It may also be possible to create a Flow so that uploaded files outside of the corp IP have a custom action to them - maybe some kind of approval? A heavily modified flow like this one: