Intune_Support_Team - We are facing this issue with our hybrid AAD Windows 10 joined devices after the bad patch. I should note that these devices are not "co-managed", but rather only Hybrid AAD joined and auto-enrolled with Intune via GPO. We currently have an MS Premier support ticket open, but are not making progress (Case #: 23576199). Below is the output on an impacted machine, first from running the script in detection mode, and then in remediation mode. The end result returns "[Success] Device is now MDM enrolled." However, we never see the device check in with Intune. The last check-in time remains the date that Windows was rolled back to the previous version after the bad patch was installed.
Is there a restart required or some other step to force the device to start communicating with Intune again? Does the device need to be removed from Endpoint Manager prior to running the script?
PS .\mdmcertcheckandremediate.ps1
[Error] Device is MDM enrolled but enrollment certificate is missing.
PS .\mdmcertcheckandremediate.ps1 -Remediate 1
Call unregister device for enrollment Id: 4066705F-6B0C-41E1-AB1B-6D7CC499XXXX
Unregister completed, start to register MDM Using AAD device credentials.
True
Register MDM completed.
[Success] Device is now MDM enrolled.
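For readers troubleshooting the same symptom (remediation reports success, but the device never checks in), the following is an added PowerShell example for inspecting the local enrollment state and nudging the enrollment client's sync task. It is not code from the original post and not Microsoft's mdmcertcheckandremediate.ps1. It assumes (these are assumptions, not facts stated on the page) that Intune enrollment records live under HKLM:\SOFTWARE\Microsoft\Enrollments with ProviderID set to "MS DM Server" and a DMPCertThumbprint value, that the MDM device certificate is in Cert:\LocalMachine\My, and that the enrollment client's sync tasks live under \Microsoft\Windows\EnterpriseMgmt\<EnrollmentId>\. Run it from an elevated session; it only reads unless -TriggerSync is given.

```powershell
# Added example, not part of the original post or of Microsoft's remediation script.
# Assumed locations (assumptions): HKLM:\SOFTWARE\Microsoft\Enrollments for enrollment
# records, Cert:\LocalMachine\My for the MDM device certificate, and
# \Microsoft\Windows\EnterpriseMgmt\<EnrollmentId>\ for the enrollment client's tasks.
[CmdletBinding()]
param(
    [switch]$TriggerSync   # when set, start the enrollment client's periodic sync task
)

function Get-IntuneEnrollment {
    # Walk every GUID-named key under Enrollments and keep only Intune ("MS DM Server") ones.
    $root = 'HKLM:\SOFTWARE\Microsoft\Enrollments'
    Get-ChildItem -Path $root -ErrorAction Stop |
        Where-Object { $_.PSChildName -match '^[0-9A-Fa-f-]{36}$' } |
        ForEach-Object {
            $p = Get-ItemProperty -Path $_.PSPath
            if ($p.ProviderID -eq 'MS DM Server') {
                [pscustomobject]@{
                    EnrollmentId    = $_.PSChildName
                    EnrollmentState = $p.EnrollmentState
                    CertThumbprint  = $p.DMPCertThumbprint
                    UPN             = $p.UPN
                }
            }
        }
}

function Get-EnrollmentCertificate {
    # Returns the certificate object for the enrollment's thumbprint, or $null if absent.
    param([string]$Thumbprint)
    if ([string]::IsNullOrWhiteSpace($Thumbprint)) { return $null }
    Get-ChildItem -Path Cert:\LocalMachine\My |
        Where-Object { $_.Thumbprint -eq $Thumbprint } |
        Select-Object -First 1
}

$enrollments = @(Get-IntuneEnrollment)
if ($enrollments.Count -eq 0) {
    Write-Output '[Error] No MS DM Server enrollment record found in the registry.'
    exit 1
}

foreach ($e in $enrollments) {
    $cert = Get-EnrollmentCertificate -Thumbprint $e.CertThumbprint
    if (-not $cert) {
        # Matches the failure mode the detection script reports: record exists, cert does not.
        Write-Output "[Error] Enrollment $($e.EnrollmentId): certificate '$($e.CertThumbprint)' not found in LocalMachine\My."
        continue
    }
    Write-Output "[OK] Enrollment $($e.EnrollmentId): cert present, subject '$($cert.Subject)', expires $($cert.NotAfter)."

    if ($TriggerSync) {
        $taskPath = "\Microsoft\Windows\EnterpriseMgmt\$($e.EnrollmentId)\"
        $tasks = Get-ScheduledTask -TaskPath $taskPath -ErrorAction SilentlyContinue
        if (-not $tasks) {
            # No tasks means the enrollment client has not (re)created its schedule yet,
            # so no check-in will happen on its own; note it rather than guessing further.
            Write-Output "[Warn] No enrollment client tasks under $taskPath; the client has not scheduled any sync for this enrollment."
            continue
        }
        # Assumption: the periodic sync task is named 'Schedule #3 created by enrollment client'.
        $tasks | Where-Object { $_.TaskName -like 'Schedule #3*' } | ForEach-Object {
            Start-ScheduledTask -InputObject $_
            Write-Output "[Info] Started '$($_.TaskName)' for enrollment $($e.EnrollmentId); watch the Last check-in time in the admin center."
        }
    }
}
```

Usage: run `.\Check-IntuneEnrollment.ps1` (hypothetical file name) to report each enrollment and whether its certificate exists, then `.\Check-IntuneEnrollment.ps1 -TriggerSync` to start the sync task for enrollments whose certificate is present. A missing task folder after a reported successful re-registration is itself a useful data point for a support case, because it shows the enrollment client has not yet scheduled any check-in for that enrollment ID.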