As Alexander said you can use Conditional Access and allow approved apps only. But remember conditional access works with modern authentication. If an app uses legacy auth (basic auth, etc) like for example Exchange ActiveSync you will not block it with Conditional Access unless you take additional steps like EAS Quarantine. But even then you have still POP, SMTP, EWS, etc. Therefore you would need to block this via ADFS for example or wait until Conditional Access is able to block legacy auth also.
Conditional access and MAM are complitely different things. In order to block app using Condtional Access, application needs to be integrated with Azure AD. After that you will be able to select app as target for CA Policy.
MAM policy can be deployed to any mobile application with Intune SDK. To target MAM policy for app, you just need to add bundleID on stage of targeting app protection policy.
In easy terms, CA policy is checking your connection to meet required conditons (risk level, app used, location) and MAM policy is controlling what you can do with corporate data in mobile application.