How to Identify and Validate the Current Device's Intune Registration (Android & iOS)

In both Android and iOS environments, which specific device-level field or identifier can we use via Microsoft Intune or Microsoft Graph API to reliably determine:
- Whether the current device is registered or managed by Intune
- Whether the current device is Intune-compliant

Our use case involves validating device trust during app login. So we need to identify the exact device the user is currently using (not just any device associated with their account) and confirm that it is Intune-managed.

We are looking for a consistent identifier, such as:

• Hardware ID
• Entra ID
• Device ID 
• device object ID

Or any identifier accessible through MSAL, Entra ID claims, or Microsoft Graph API This identifier should allow us to cross-reference with Graph API responses, such as from:

/deviceManagement/managedDevices

/me/managedDevices 

What is the best practice or recommended identifier to securely link the current device to its Intune record? Are there any platform-specific differences between Android and iOS we should consider?