I could be way off the mark here but I have a feeling if the laptop had already connected prior to the policy being in place, it'll continue to connect.
The policy will only apply for new devices it hasn't seen before.
Note that "device type" detection is one when the client first makes an http request. Until then it doesn't know what kind of device type it is.
The best and cleanest solution would be to use Meraki Systems Manager on the mobile devices, and then use "sentry" mode which deploys a certificate onto the device. Only devices with the certificate can then attach.
I second what everyone is saying, especially the part about it not being foolproof. I have a network specifically for BYOD devices so I put in a policy to disallow those devices on another specific network. It worked 'mostly'; however, it would sometimes block iPads when I only wanted it to block iPhones. (even though they are two unique policies)