Hello Peter Roddy,
Thanks for your question.
I will suggest Azure AD Conditional Access policies and device compliance information.
You could configure a policy that grants access to the web app only from devices marked as managed in Entra
See: Create a device-based Conditional Access policy
You can also Use compliance policies to set rules for devices you manage with Intune
- Sign in to the Microsoft Intune admin center.
- Go to Devices > Compliance policies > Create Policy.
You can mark it 'Accept Answer' and 'Upvote' if this helped you
Regards,
Abiola