@karthik palani , For your questions, Here are some suggestions from my side:
- For conditional access, set another conditional policy, under conditions, choose platform: Android. iOS, macOS. Client apps: Browser. Access controls: block.
- For WIP. I notice Adobe reader shows access denied. Please check if the app is added as below:
And see if the app is running in WIP by checking the Enterprise context:
https://learn.microsoft.com/en-us/windows/security/information-protection/windows-information-protection/wip-app-enterprise-context
For the data in portal.office.com, if we consider they are enterprise data that needs to be protected. We can add it ot cloud resource in network boundary.
https://learn.microsoft.com/en-us/windows/security/information-protection/windows-information-protection/recommended-network-definitions-for-wip#recommended-enterprise-cloud-resources
Hope it can help.
If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.