Block or limit access to specific SharePoint site collections or OneDrive accounts

https://docs.microsoft.com/en-us/sharepoint/control-access-from-unmanaged-devices

To block or limit access to specific sites, you must set the organization-wide policy to "Allow full access from desktop apps, mobile apps, and the web."

 

    • Sign in to Office 365 as a global admin or SharePoint admin.
    • Select the app launcher icon in the upper-left and choose Admin to open the Office 365 admin center. (If you don’t see the Admin tile, you don’t have Office 365 administrator permissions in your organization.)

    • In the left pane, choose Admin centers > SharePoint.
    • In the SharePoint admin center, click access control.
    • Select Allow full access from desktop apps, mobile apps, and the web.
    • Click OK.

Then follow these steps to manually create a policy in the Azure AD admin center and run PowerShell cmdlets.

    1. In the Azure AD admin center, select Conditional access, and then click Add.
    2. Under Users and groups, select whether you want the policy to apply to all users or only specific security groups.
    3. Under Cloud apps, select Office 365 SharePoint Online.
    4. Under Conditions, select both Mobile apps and desktop clients and Browser.
    5. Under Session, select Use app enforced restrictions. This tells Azure to use the settings you’ll specify in SharePoint.
    6. Enable the policy and save it.
    7. Download the latest SharePoint Online Management Shell.
    8. Connect to SharePoint Online as a global admin or SharePoint admin in Office 365. To learn how, see Getting started with SharePoint Online Management Shell.
    9. To block access, run Set-SPOSite -Identity https://<SharePoint online URL>/sites/<name of site collection or OneDrive account> -ConditionalAccessPolicy BlockAccess.
    10. To limit access, run Set-SPOSite -Identity https://<SharePoint online URL>/sites/<name of site collection or OneDrive account> -ConditionalAccessPolicy AllowLimitedAccess.
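Steps 8 to 10 as one script, as an added example that is not part of the Microsoft documentation: it checks the organization-wide prerequisite, applies a per-site policy, and reads the value back to confirm it took effect. The tenant and site URLs are placeholders, and it assumes the SharePoint Online Management Shell module is installed.

```powershell
# Added example. All URLs below are placeholders; replace them with your own.
$AdminUrl = 'https://contoso-admin.sharepoint.com'
$SitePolicies = @{
    'https://contoso.sharepoint.com/sites/finance'   = 'BlockAccess'
    'https://contoso.sharepoint.com/sites/marketing' = 'AllowLimitedAccess'
}

Import-Module Microsoft.Online.SharePoint.PowerShell -ErrorAction Stop
Connect-SPOService -Url $AdminUrl   # prompts for a global or SharePoint admin

# Prerequisite from the page: per-site policies require the organization-wide
# setting to be "Allow full access". Stop early if it is anything else.
$tenantPolicy = [string](Get-SPOTenant).ConditionalAccessPolicy
if ($tenantPolicy -ne 'AllowFullAccess') {
    throw "Organization-wide policy is '$tenantPolicy'; set it to AllowFullAccess first."
}

$results = foreach ($url in $SitePolicies.Keys) {
    $wanted = $SitePolicies[$url]
    try {
        Set-SPOSite -Identity $url -ConditionalAccessPolicy $wanted -ErrorAction Stop
        # Read the setting back instead of trusting the absence of an error.
        $actual = [string](Get-SPOSite -Identity $url).ConditionalAccessPolicy
        [pscustomobject]@{ Site = $url; Wanted = $wanted; Actual = $actual
                           Ok = ($actual -eq $wanted); Error = $null }
    }
    catch {
        # A mistyped URL or missing permission lands here; keep going so the
        # remaining sites are still processed and reported.
        [pscustomobject]@{ Site = $url; Wanted = $wanted; Actual = $null
                           Ok = $false; Error = $_.Exception.Message }
    }
}

$results | Format-Table -AutoSize -Wrap
if ($results.Ok -contains $false) {
    Write-Warning 'At least one site does not have the intended policy; see the table above.'
}
```

The site policy only restricts access once the Azure AD conditional access policy from steps 1 to 6 is enabled with "Use app enforced restrictions".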

Policy recommendations
https://docs.microsoft.com/en-us/microsoft-365/enterprise/sharepoint-file-access-policies