Someone recently came up with a request to only allow access to Office 365 if the device was coming from a Zscaler ZEN IP address and the device is Azure AD hybrid domain-joined.
Each of these policies individually is fairly straightforward to achieve. However, combining the two conditions required a bit of trial-and-error. After testing several combinations of policies, I finally figured out what would work and made a video documenting my findings:
Some great resources that helped me along the way:
Hope this helps.