I've been watching so many videos and googling, but I'm missing something that I think is pretty simple.
The goal is to only allow access to emails on phones (Android & iOS). I created a conditional access policy that has the test user group in it with the InTune license applied to those users. I remove myself from that group, and I still can access emails. I made sure I still had the InTune license applied to my account.
What am I missing in order to lock down the access so only users I put in the InTune group in the MAM policy have access?