@Munkh, Thanks for posting in Q&A. Based on my researching, I didn't find the policy in Intune to block download executable files. I only find the way to block exe on windows devices. Here is a link with more details:
Note: Non-Microsoft link, just for the reference.
You can contact Microsoft defender for Endpoint support to see if there's any policy can do this on it.
Thanks for your understanding.
If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.