Check out Devices > Device Cleanup rules: "Set your Intune device cleanup rules to delete Intune MDM enrolled devices that appear inactive, stale, or unresponsive. Intune applies cleanup rules immediately and continuously so that your device records remain current."
Another possibility would be implementing app protection policies. When implementing app protection policies you could configure the conditional launch settings:
Perhaps (a little bit of rethinking), but you can make use of Windows Information Protection... and combine it with a PowerShell script like the one Nicola built some time ago: https://tech.nicolonsky.ch/clean-up-azure-ad-devices/