Actually, there is a way you can achieve it.
Create a Firewall Policy and name it Quarantine Firewall rule. Allow only the minimum required services / ports.
You need to create a HI policy and assign it to groups. Do not check the option in the HI policy "Pass even if the rule fails".
The group to which this HI policy is applied has a tab "Quarantine Policies when Host Integrity fails". Click on Add policy -> Select Quarantine Firewall Policy -> Select Use an existing Firewall policy and select the "Quarantine Firewall policy" created earlier.
So when the HI policy fails, the Quarantine Firewall policy on the client will be activated and only necessary services / ports will be allowed.
Note: The SEP client should be enabled and working properly. NTP should be enabled.
Hope this helps!