Hello James Chan_110, both of these are possible. At a high level, the workflow would be something like this.
- Enroll devices in Intune
- Create device compliance policies
- Configure conditional access policies
- Define device limit restrictions
- Test and deploy
You may want to see the following useful references in this regard: https://learn.microsoft.com/en-us/mem/intune/protect/create-conditional-access-intune and https://learn.microsoft.com/en-us/mem/intune/enrollment/create-device-limit-restrictions
Please do not forget to "Accept the answer" and "up-vote" wherever the information provided helps you; this can be beneficial to other community members.