azure-active-directory dynamics-crm-online

Is Azure AD Conditional Access supported for Dynamics 365 web services?


The Dynamics 365 web services SDK uses ADAL for authentication. I have set up a service account with access to perform some administration in Dynamics CRM Online. I have also set up an Azure AD conditional access policy to IP restrict access for this service account. The service account is still able to connect with Dynamics 365 web services from a blocked IP address. I have verified that the service account is not able to log in to O365 from the same IP address using a web browser after applying the policy. I have also verified that the rule takes effect using the AAD what-if tool.

So it seems AAD Conditional Access is not supported for Dynamics 365 web services. Is this true? The value of AAD conditional access diminishes in this scenario if it is true, but at least I am able to restrict use of the UI from any other IP.


Solution

  • One thing worth mentioning is that Conditional Access (CA) policies are only applicable to user accounts. This is described in the FAQ: https://learn.microsoft.com/en-us/azure/active-directory/active-directory-conditional-faqs (search for service account)

    If you use a user account as a service account, then the CA will apply. CAs currently do not apply to service principals. You can use certificate authentication for service principals to make the authentication stronger. But in general, currently CA is only available to user accounts.
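
One way to check for the situation described in the question, as an added example that is not part of the original post: it scans exported Azure AD sign-in records for successful sign-ins by one account from outside the allowed networks and reports whether Conditional Access was evaluated for each. Field names follow the Microsoft Graph signIn resource; the records, account name and network ranges are constructed for illustration.

```python
import ipaddress

# Constructed sample records (not real log data). Keys match the Microsoft
# Graph signIn resource; the account, apps and addresses are hypothetical.
SAMPLE_SIGNINS = [
    {"userPrincipalName": "svc-crm@contoso.example", "appDisplayName": "Dynamics CRM Online",
     "clientAppUsed": "Mobile Apps and Desktop clients", "ipAddress": "203.0.113.10",
     "conditionalAccessStatus": "notApplied", "status": {"errorCode": 0}},
    {"userPrincipalName": "svc-crm@contoso.example", "appDisplayName": "Office 365",
     "clientAppUsed": "Browser", "ipAddress": "203.0.113.10",
     "conditionalAccessStatus": "failure", "status": {"errorCode": 53003}},
    {"userPrincipalName": "svc-crm@contoso.example", "appDisplayName": "Dynamics CRM Online",
     "clientAppUsed": "Browser", "ipAddress": "198.51.100.7",
     "conditionalAccessStatus": "success", "status": {"errorCode": 0}},
    {"userPrincipalName": "alice@contoso.example", "appDisplayName": "Office 365",
     "clientAppUsed": "Browser", "ipAddress": "203.0.113.50",
     "conditionalAccessStatus": "success", "status": {"errorCode": 0}},
]

ALLOWED_NETWORKS = ["198.51.100.0/24"]  # assumed trusted range for the account


def find_policy_gaps(signins, account, allowed_networks):
    """Return (ip, app, client, ca_status) for each successful sign-in by
    `account` that came from outside `allowed_networks`."""
    nets = [ipaddress.ip_network(n) for n in allowed_networks]
    gaps = []
    for rec in signins:
        if rec.get("userPrincipalName", "").lower() != account.lower():
            continue
        if rec.get("status", {}).get("errorCode") != 0:
            continue  # sign-in did not succeed, so nothing got through
        raw_ip = rec.get("ipAddress", "")
        try:
            inside = any(ipaddress.ip_address(raw_ip) in net for net in nets)
        except ValueError:
            inside = False  # missing or malformed address: surface it for review
        if not inside:
            gaps.append((raw_ip, rec.get("appDisplayName"),
                         rec.get("clientAppUsed"), rec.get("conditionalAccessStatus")))
    return gaps


if __name__ == "__main__":
    for ip, app, client, ca in find_policy_gaps(
            SAMPLE_SIGNINS, "svc-crm@contoso.example", ALLOWED_NETWORKS):
        print(f"{ip} -> {app} via {client}: conditionalAccessStatus={ca}")
```

A `conditionalAccessStatus` of `notApplied` on a flagged record means no policy was evaluated for that sign-in, while `success` means a policy ran and still allowed it, which points at the policy's conditions rather than its scope.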