In essence, you will need to create an Application Protection Policy which covers the Applications you’re concerned about and then create a Conditional Access Policy which targets these devices and applies the Application Protection Policy. Which loosely translates to I am running an unmanaged device (Chromebook), I have installed Onedrive and Teams, please apply the Application Policy against me in order to apply various security data parameters.
Application Protection Policy.
https://endpoint.microsoft.com > Apps > Policy > App protection policies
The configuration within here is of my selection, welcome to use the same settings. But the key thing is make sure it applies to your Unmanaged Chromebook Device.