@Matt Dillon, Thanks for posting in Q&A. For your scenario, we have created two app protection policies and each needs to add related filter as below to apply to different device type.
IOS Managed Devices policy Filter: iOS - Managed Device Apps
iOS Unmanaged Devices policy Filter: iOS - Unmanaged Device Apps
For the filters you create, I think it has some issue. We can create "Managed apps", choose Platform as iOS/iPadOS, then only set (app.deviceManagementType -eq "Managed") and (app.deviceManagementType -eq "Unmanaged") in the rules.
Meanwhile, based as I know, an app protection policy is required with IntuneMAMUPN for managed devices. This applies for any setting that requires enrolled devices as well. Therefore, we need to create an app configuration policy for Managed devices and assign to the same user group as the app protection policy.
https://video2.skills-academy.com/en-us/mem/intune/apps/app-protection-policy-settings-ios
Hope the above information can help.
If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.