@lightupdifire, Thanks for posting in Q&A. Based on my researching, for windows devices, it seems WDAC or AppLocker can help allow only specific application. Here is a link with more details:
To deploy the policies via Intune, here are some links for your reference:
Hope it can help.
If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.