@Vinod Survase, Thanks for posting in Q&A. Based on my researching, I find we can configure "Restrict Users to the explicitly permitted list of snap-ins" and "Restricted/Permitted snap-ins" to restrict the .msc access. Here is a link with more details:
https://www.itprotoday.com/windows-78/how-can-i-restrict-access-mmc-snap-ins
Note: Non-Microsoft link, just for the reference.
In Intune, the policy settings are also available in Setting Catalog, you can configure there:
Hope the above information can help.
If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.