I would like to pose a concern that I have with the statement on the document. "In order to use the “Require approved client app” control, a valid Intune license is required." Can I ask for a link on this statement and why would an Intune license be required for it to work? Is it because it is relying on MAM? This may appear be yet another example of undocumented licensing requirements that are not programmatically restricted. What will happen if a user is in scope of a policy that uses this control but does not have an Intune license? If it will permit the CA Policy to apply successfully, it appears to be a compliance risk. Azure AD Premium is one of the worst of the cloud services stack in regard to the way it doesn't validate licensing for a user before allowing a given service. In my opinion, Microsoft needs to carefully ensure users can still mix and match, and not force clients to buy M365 E3 or E5 licenses for all users. The cost is still too prohibitive for many end users.
Microsoft