Occasional Contributor

Hey guys,


I could use some help.
Currently busy with a project to enroll company phones to Intune, but we want phones that aren't enrolled to be blocked from using Office apps with their work credentials.
I've tried setting up a Conditional Access policy for this, which works perfectly for Android but not for iOS. I'm testing it myself, the policies and applications are deployed and the phone is compliant, but everytime I open an Office app it states "Enroll your device to gain access" and the Company portal opens.
If I unselect the "Require device to be marked as compliant" under "Access Controls > Grant" in the Conditional Access policy, I get access. 
Thing is, access is also available for iOS phones that aren't enrolled.

Anyone else that has experienced this?