Hi @Jason Bradford ,
I understand that your users are being prompted to enter a Temporary Access Pass even though you have TAP disabled for your domain.
I assume that you have already confirmed that it is disabled in the two portal settings:
Azure Active Directory >Security > Authentication methods >Temporary Access Pass > No
Portal.azure.com > User >Authentication method >Temporary Access Pass
These documents indicate that windows 10 web sign-in enables temporary access pass from the endpoint manager in Intune:
Policy CSP - Authentication - Windows Client Management | Microsoft Learn
It seems that the prompt for the TAP is enabled through Intune via web sign-in, but I have reached out to the product team to confirm as I have seen a number of users reporting this lately.