Hi @Guac55 and welcome!
So, there are a few things we could do here, but none of them involve Intune.
Meraki Systems Manager and Meraki MR have a technology called Sentry WiFi. This allows you, with nothing more than a handful of clicks, to provision devices with certificates bound to management (so that if you removed management, the cert would be removed too), which are then used for authentication.
What you can do is use the various pieces of inventory and posture that we get back from a device to determine whether it has the right to continue to have the cert: not compliant, no cert.
However, if you were to look at MX in your network, then you could use Sentry Policies. This would allow you to determine the behavior of the device on your network: the posture of the device could be used to force a device onto a particular VLAN if it had a piece of unapproved software installed, wasn't running the latest version of the OS, and a whole host of other use cases.
However, we understand that moving MDM providers may not be in your roadmap. So, there's also another technology called Trusted Access that allows you to provision devices with certificates, but without the management.
However, Trusted Access doesn't completely fulfill your use case, as there's no posture check.
Anything that doesn't involve the above would be custom development on your side, alas.