Hi @Gregory Suvalian,
If I'm understanding your question correctly, it sounds like you are hoping to block access to local accounts via Conditional Access.
Conditional Access policies are scoped only to the built-in roles documented here: https://learn.microsoft.com/en-us/entra/identity/conditional-access/howto-conditional-access-policy-admin-mfa
You can create exclusions based on device compliance, hybrid join state, and device state, but you need to use Intune or group policies to enforce anything for a specific local administrator.
Let me know if this helps and if you have further questions.
If the information helped you, please Accept the answer. This will help us as well as others in the community who may be researching similar questions.