@Yara Thanks for reaching out. You would solve the user level access to the device by using AAD as in authorized user would login.
If the Device is in field and you need to protect the data on it with securing the device with policies and making sure that does is not transferred to other unauthorized apps, You should Also consider a MDM solution like Microsoft Intune which clubs well with azure active directory.
It has capability to push device based policies to the devices over internet securing it by different policies based on passwords, device health and much more.
You can learn all about Intune here : https://learn.microsoft.com/en-us/mem/intune/
You can also try with a Free Intune trial at here : https://learn.microsoft.com/en-us/mem/intune/fundamentals/free-trial-sign-up to see if Intune can meet up your needs.
You can also see how Intune can protect the device and data : https://learn.microsoft.com/en-us/mem/intune/protect/
-----------------------------------------------------------------------------------------------------------------
If the suggested response helped you resolve your issue, please do not forget to accept the response as Answer and "Up-Vote" for the answer that helped you for benefit of the community.