I do understand the reasoning and why it would be quite useful. I don't have a solution because this is a by design scenario. I can help explain why this isn't possible.
At a high level, Office 365 is owned by Microsoft. The entire O365 infrastructure is controlled by Microsoft for personal and business use. For that reason, one can simply go to www.outlook.com and attempt to sign in to their personal or work email.
In your scenario, you asking why can't users be redirected to WS1 if they attempt to access Office 365 online. The only method to do that, is to have Microsoft initiate the redirection which they will not do. This is not a Workspace One issue but a design functionality of O365.
In this case, I would recommend leveraging conditional access and using both solutions to deliver the desired security.
