I'm in corporate IT with my company, and we have this same issue regarding mobile apps that use SSO for authentication. When we initially rolled out Intune we had some key apps (SAP, SFDC, ...) that utilized SSO on the desktop, also working on their mobile app counterparts for Android and iOS. At that time SSO login for mobile apps worked fine.
Recently we've been getting complaints about failed logins from these mobile apps. I've had a case open with MSS for a couple weeks now. The mobile app calls a webview to handle the SSO authentication. The webview always appears to be Mobile Safari (default browser setting in the OS makes no difference). Mobile Safari is unable to pull any of the Intune device information (DeviceID) so the Conditional Access policy can't determine if the device is Compliant. The webview also isn't showing as the app that called it. So if I try to exclude one of the affected apps (say SFDC) from the CA policy, it still fails because the webview doesn't identify itself as SFDC.
Mind you, some devices are still successfully gaining access via these mobile apps. There is no pattern discernible on which Android/iOS are successful vs the CA policy, and which fail. MS says this isn't officially supported ... even if it was working fine for 2 yrs. I've tried every trick I know of, but I'm stuck. If we can't force the webview to use Edge for the SSO auth, this may never work as expected for ALL mobile users again.