“For app protection policy to get applied on the device, should i deploy outlook app to unenrolled devices and only then it will get applied. Should i configure something under app configuration profile.” - You can only deploy apps to a managed device. What you need is to setup App protection and app configuration policies to apply through MAM channel.
“Can i apply conditional access policies in unenrolled devices.” - Yes you can by using APP as the condition in CA. For this to work, you will obviously need to make sure that the App you want to manage supports Intune SDK in order to apply APP through MAM channel in the first place.