Kamzi
Copper Contributor
Aug 29, 2024

Conditional Access Policy Block Downloads (Preview)

Hello Community,

I've been encountering a challenging issue with implementing a Conditional Access (CA) policy to block downloads on unmanaged devices and could really use some insights.

Here's the situation:

  • Objective: Block downloads for unmanaged devices using Conditional Access.
  • Setup: I've replicated the policy setup across two tenants, ensuring that licenses and CA policies are identical.

Problem:

  • In one tenant, the policy works flawlessly.
  • In the other tenant, users experience a timeout on the "Access to Microsoft SharePoint Online is monitored" screen. After this timeout, they are given the option to bypass Defender for Cloud Apps, which is not the desired outcome.

I've tried the following troubleshooting steps:

  1. Removed all conditions to isolate the issue—no success.
  2. Ensured that the test user has no roles associated.

Despite these efforts, I’m still unable to get the policy to work correctly in the problematic tenant. The timeout and bypass options are a major concern, as they defeat the purpose of the policy.

Has anyone encountered this issue before, or does anyone have suggestions for resolving this?

Thanks in advance for your help!

 

  • Kamzi
    Copper Contributor
    So I figured it out for the most part. I had to go to Defender > Connected Apps > Conditional Access App Control apps, then edit the Office Portal - General and click a checkbox that says use with Session Controls.

    But now if I leave the User monitoring banner up it still times out. Any thoughts?