Conditional Access - Browser - Session control for various device states
It is not possible to set session controls for multiple device states
1. for compliant device require MFA and set session to 45 days
2. for any other device state require MFA and set session to 1 hour
both policies work independently but together policy 2 is never enforced because policy 1 blocks it.
In other words the request is to have a device state condition to include devices granularity in addition to the existing exclude capability.