@Talha Thanks for posting in our Q&A.
If you want to deploy conditional access policies to windows devices, it is suggested to change the primary user.
https://learn.microsoft.com/en-us/mem/intune/remote-actions/find-primary-user#change-a-devices-primary-user
Change the DEM user to a normal user and the normal user is needed to have an Azure Active Directory Premium license.
Please deploy conditional access policies to this normal users. And use the normal user account to access the resources protected by conditional access policies.
If the answer is the right solution, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.