@Roman Mazzella
Thank you for your post!
Based off our "What is Conditional Access" documentation, your service principal should be excluded from your conditional access policy, because CA policies are if-then statements, if a user wants to access a resource. Additionally, within the Portal it only allows you to exclude Users, Groups, or specific Directory roles from your policy, and not service principals.
Additional Links:
Service principal object
Client apps
Block legacy authentication
I hope this helps! If you have any other questions, please let me know.
Thank you for your time and patience throughout this issue.