Henk_-_Simac_IT_NL without knowing your actual setup ,I might be misunderstanding you issue but this might give som insight. I am in the migration process of 15k devices using both Device Prep and Zero Touch Enrollment from Device Administrator mode.
As Intune is a User centric approach, assign apps, configuration, etc to All Users and select to include the filter that you have created.
That is by far the most flexible approach, I would say. You will need to move to a user centric approach anyways so if you already have the config in place you could add the All Users group (+filter) and phase out the
device groups. If you need ZTE aswell then you need to add that ZTE enrollment proflie and/or token name as well in the filter as "or" rules. That will cover both scenarios and remain user centric.
Hope that helps 🙂