We have the following problem. I have iOS devices enrolled in Intune using User Enrollment. I have created a conditional access policy and deployed it to iOS user groups so that users who don't enroll their device can't get to company resources.
When I delete an iOS device from Intune, on the device:
1) The management profile is deleted;
2) The Company Portal signs out and informs the user that his device was removed;
3) But if the user was logged in to Outlook, OneDrive, Teams, etc., he could still access company resources.
After 1 hour, if they try to reach a company resource, they receive a notification in the application that they need to enroll their device. So this means that after deleting an iOS device from Intune, the conditional access policy applies only after 1 hour, not immediately.
Maybe you have some suggestions? Or maybe something needs to be changed in the configuration?