If you are using the grant control ‘Require approved client app’ in your Conditional Access policies, you need to update and migrate to use the grant control ‘Require application protection policy’ before March 2026.
At this date, the control ‘Require approved client app’ will no longer be enforced and will act as if it was not selected.
Before switching to the ‘Require application protection policy’ control, you will have to implement an Intune application protection policy for each operating system you want to support (iOS/iPadOS, Android or Windows [Windows Information Protection]).
You will need also to review the supported application for application protection policy here https://learn.microsoft.com/en-us/azure/active-directory/conditional-access/concept-conditional-access-grant#require-app-protection-policy
Once done, tested and validated you can then switch the control in your Conditional Access policy