@Rohanathan S Thanks for posting in our Q&A.
If you want to block unmanged devices to access to cloud apps, it is suggested to select "Require device to be marked as compliant" in conditional access policy.
When the device is enrolled to intune and the device shows compliant, the device can access to cloud apps. When the device is not enrolled to intune or the devices is not compliant, the device can't access to cloud apps.
Hope it will help.
If the answer is the right solution, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
@Rohanathan S Thanks for your update.
I have done the test in my lab. I add my user account "firstname.lastname@example.org" in the setting "Users or workload identities" in the conditional access policy. When I use the account to sign in the cloud app(Outlook) via Edge in an unenrolled device, it shows the following message.