I am setting a secure Azure user that can't access third-party webmail for example https://mail.google.com, but should be able to access https://outlook.com or https://portal.office.com.
I set up a user with lic for Intune for the device and Entra ID p2 for security. I have a test tenant and have join the test Hyper Machine to Azure AD.