Thank you for contacting Octopus Support.
The variable should remain unevaluated if there isn’t a valid scoping against the target. One scenario to watch out for is when a Process Step is scope to a Role but the Target has additional Roles as well. We have a recent GitHub issue on this as the Variable Preview can be misleading.
I can think of two options for failing that may work for you. First, you can use Variable Run Conditions that will only allow a Step to run when the variable expression evaluates to true. The other option would be to add a script Step to the Process that compares the evaluated variable value against a list of acceptable values.
If you have any additional questions, please don’t hesitate to ask.