@DoBongSoon Thanks for posting in our Q&A. For this issue, it is not related to windows 365. Windows 365 is a cloud-based service that automatically creates a new type of Windows virtual machine (Cloud PCs) for your end users.
From intune's point of view, it seems that we can use the conditional access policy to make it.
https://learn.microsoft.com/en-us/mem/intune/protect/create-conditional-access-intune
We can add "office 365" in the setting "cloud apps or actions", it identifies the office 365 is protected. However, office 365 does not only include office 365 portal, but also include others. Please refer to the following article:
https://learn.microsoft.com/en-gb/azure/active-directory/conditional-access/concept-conditional-access-cloud-apps#office-365
Then we can filter the corporate devices in the setting "Filter for devices".
https://learn.microsoft.com/en-us/azure/active-directory/conditional-access/concept-condition-filters-for-devices#supported-operators-and-device-properties-for-filters
And it is suggested to set "Require device to be marked as compliant" in Grant. It will block the device that it is not managed by intune and is not compliant to access office 365.
Hope it will help.
If the answer is the right solution, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.