Conditional Access for non-Active Directory computers

Conditional Access policies can also be configured to prevent OneDrive for Business clients from synchronizing. To enforce these restrictions, you must configure the settings in the SharePoint Admin Center and in the Intune administration interface. Follow these steps to require that computers are Intune-enrolled and compliant so that they can sync:

  1. Navigate to the SharePoint Admin Center (https://admin.microsoft.com | Admin Centers | SharePoint), expand Policies, and select Access Control.
  2. Select Unmanaged devices. Then, select either the Allow limited, web-only access or Block access radio button and click Save, as shown in the following screenshot:

  3. Navigate to the Azure AD Admin Center Conditional Access Policies blade (https://portal.azure.com/#blade/Microsoft_AAD_IAM/ConditionalAccessBlade/Policies).
  4. Click +New policy.

  5. Enter a name for the policy.
  6. Under Assignments | Users, select a group of users to include or exclude in this policy (for example, All users). Click Done when you're finished.
  7. Under Assignments | Cloud apps or actions, click Select apps and select Office 365 SharePoint Online from the list. Click Done when you're finished.
  8. Under Assignments | Conditions, select Client apps. Slide the Configure toggle switch to Yes and select Browser, Mobile apps and desktop clients, Modern authentication clients, and Other clients. Click Done twice.

  9. Under Access controls | Grant, select the Grant access radio button and select Require device to be marked as compliant. Click Select once you've finished.
  10. Under Access controls | Session, select Use app enforced restrictions and click Select.
  11. Slide the toggle switch for Enable policy to On and click Create.

The policy is now created and enabled.
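To confirm that the resulting policy matches these steps, the following added example (not from the book) audits a policy exported as JSON. It assumes the field names of the Microsoft Graph conditionalAccessPolicy resource and that the portal's Modern authentication clients and Other clients options export as `mobileAppsAndDesktopClients` and `other`; both sample policies are constructed.

```python
# Added example: audit an exported Conditional Access policy against the steps above.
# Field names are assumed to follow the Microsoft Graph conditionalAccessPolicy resource.
SHAREPOINT_APP_ID = "00000003-0000-0ff1-ce00-000000000000"  # Office 365 SharePoint Online
REQUIRED_CLIENT_APPS = {"browser", "mobileAppsAndDesktopClients", "other"}

def audit_policy(policy):
    """Return findings; an empty list means the policy matches the procedure."""
    findings = []
    cond = policy.get("conditions") or {}
    apps = set((cond.get("applications") or {}).get("includeApplications") or [])
    if not apps & {SHAREPOINT_APP_ID, "Office365", "All"}:
        findings.append("SharePoint Online is not a targeted cloud app")
    client_apps = set(cond.get("clientAppTypes") or [])
    missing = set() if "all" in client_apps else REQUIRED_CLIENT_APPS - client_apps
    if missing:
        findings.append("client app types not covered: " + ", ".join(sorted(missing)))
    grant = policy.get("grantControls") or {}
    controls = grant.get("builtInControls") or []
    if "compliantDevice" not in controls:
        findings.append("grant control does not require a compliant device")
    elif len(controls) > 1 and grant.get("operator") == "OR":
        findings.append("compliant device can be replaced by another OR'd grant control")
    session = policy.get("sessionControls") or {}
    if not (session.get("applicationEnforcedRestrictions") or {}).get("isEnabled"):
        findings.append("app enforced restrictions are not enabled")
    if policy.get("state") != "enabled":  # report-only or disabled policies block nothing
        findings.append("policy state is %r, not 'enabled'" % policy.get("state"))
    return findings

# Constructed sample: the policy the procedure produces.
GOOD = {
    "displayName": "Require compliant device for SharePoint (constructed)",
    "state": "enabled",
    "conditions": {
        "users": {"includeUsers": ["All"]},
        "applications": {"includeApplications": [SHAREPOINT_APP_ID]},
        "clientAppTypes": ["browser", "mobileAppsAndDesktopClients", "other"],
    },
    "grantControls": {"operator": "OR", "builtInControls": ["compliantDevice"]},
    "sessionControls": {"applicationEnforcedRestrictions": {"isEnabled": True}},
}
# Constructed sample: report-only, "other" clients uncovered, MFA accepted instead.
WEAK = dict(GOOD, state="enabledForReportingButNotEnforced",
            conditions=dict(GOOD["conditions"], clientAppTypes=["browser", "mobileAppsAndDesktopClients"]),
            grantControls={"operator": "OR", "builtInControls": ["mfa", "compliantDevice"]})

if __name__ == "__main__":
    for name, pol in (("GOOD", GOOD), ("WEAK", WEAK)):
        print(name, audit_policy(pol) or "OK")
```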
