@Ankush Bhatia Thank you for reaching out to us, As I understand you are looking for a solution for SaaS based product hosted in Azure and wanted to control the user activities based on the device.
You can leverage Microsoft Defender for Cloud Apps session policies enable real-time session-level monitoring, affording you granular visibility into cloud apps and the ability to take different actions depending on the policy you set for a user session. Instead of allowing or blocking access completely, with session control you can allow access while monitoring the session and/or limit specific session activities using the reverse proxy capabilities of Conditional Access App Control.
Reference:
https://learn.microsoft.com/en-us/defender-cloud-apps/proxy-intro-aad
Block download on untrusted devices - https://www.youtube.com/watch?v=awRpA1ziyTs&t=0s
Let me know if you have any further questions, feel free to post back.
Please remember to "Accept Answer" if answer helped, so that others in the community facing similar issues can easily find the solution.