Thanks for posting here!
Based on my research, when we try to set device claims and user claims, we need to set the GPOs: the KDC GP must be run on the DC, and the Kerberos GP must be on the clients.
As you said, Dynamic Access Control is not supported in Windows operating systems prior to Windows Server 2012 and Windows 8. When Dynamic Access Control is configured in environments with supported and non-supported versions of Windows, only the supported versions will implement the changes.
For more information about the requirements, you can refer to the following link:
https://video2.skills-academy.com/en-us/windows/security/identity-protection/access-control/dynamic-access-control
Best Regards,