MDCA (MCAS) would not be a recommended solution here. I do understand the challenge, because I have covered similar with customers before and it really is an Azure AD scenario. My recommendation is to open a support case for D365 CI and ask them which app in Conditional Access should be used to get this control.

Hope this helps.