With Intune update 1704 it is now possible to setup Conditional Access for SharePoint Apps on IOS and Android.
You can now create an app-based conditional access policy to block apps, which don’t have app protection policies applied to them, from accessing SharePoint Online. In the apps-based conditional access scenario, you can specify the apps that you want to have access to SharePoint Online using the Azure portal.
This also works in a Intune hybrid scenario – but have to be created in the cloud.
How to set MAM CA for SharePoint in Intune
Start in https://portal.azure.com
Click on: Intune mobile application management
Under Conditional Access –> Click on SharePoint Online
Click on Allowed apps
Now you have to select “Allow all apps” or “Allow apps that support Intune app Policies”
Now you have to select “Restricted user groups” for this new Conditional Access policy.
I always use All users in AzureAD – then if for some reason you need to exclude some users you can do it under “Exempt User Groups”
Then you can see the status on the dashboard: