Not sure what license you have, but some of the points can be managed via Microsoft Intune for mobile devices. Configuration and Compliance policies can be applied via Intune, and it is part of the EMS Suite - what-is-intune
High-Level architecture over here - high-level-architecture
Also, you will need to leverage and implement Azure Conditional Access Policies for other requirements - have a read and explore, as it is a vast topic to discuss over here - overview.
Azure Conditional Access Policy will require an Azure AD Premium P1 license.