Issue Analysis:

With reference to our conversation, it’s not possible to exclude the Microsoft Teams desktop app separately in Conditional Access (CA). It’s bundled within the Microsoft Teams Services that you’ve already added. 

Resolution:

In this scenario, we’ve found a workaround for you: 
We’ll continue excluding the entire Teams Services in your original CA and then create a new CA policy that specifically blocks access via Teams on the browser. 

Please follow these steps to configure this setup: 
1. Keep your original CA as it is (with Teams Services excluded). 
2. Create a new CA to block access to Teams via browser and other methods – so only the Teams App will be allowed. 

Target resources: select Microsoft Teams Services 

Conditions -> Client apps -> Configure: Yes -> Apply to: Browser & Others 

Grant: Block access: