Please check follow tips to troubleshoot the issue.
1.Make sure that you have configured the authentication context in the “external sharing and device access” configuration of the sensitivity label.
2.Make sure that you have chosen authentication context in the Target resources of conditional access policy.
3.Make sure that you have chosen Any location and all trusted locations excluded in the Conditions of conditional access policy.
4.Mare sure that you have chosen Require device to be marked as compliant in the Access controls - Grant of conditional access policy.
If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.