@michal, Thanks for posting in Q&A.
For the web site, if it is related with the cloud app in Conditional access, maybe we can create conditional access policy to block the access according to the risk score.
We can create a compliance policy and mark the device at or under the machine score as non-compliant:
Then you can create conditional access policy to require a compliant device to block the non-compliant device access to the cloud resource:
However, if the above information can not help, you can contact Microsoft Defender for Endpoint support in the following link to see if it can be done there:
Hope the above information can help.
If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.