@Shahd Elgergeni Thanks for posting in our Q&A.
Based on my understanding, if you deploy a conditional access policy requiring device to be marked as compliant in grant access, and the device is not enrolled in Intune, the user will be forced to install the company portal app and enroll the device.
Hope it will give you some ideas.
If the answer is the right solution, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.