Why not just block access to Teams and other m365 apps via conditional access from non-managed devices then?
You can always “download” any content you’re viewing on the device, in fact you need to do so in order to view it.
Say, you don’t want a word document containing price sensitive information being downloaded, but someone with access to view the document on a non-managed device can just screenshot it. Or to be honest, just take a photo from a screen of a managed device.
Completely fair. They have specific distro they support, and their staff is trained for. Also this seems like you’ve got some OS level issues independent from steam…