With the latest Microsoft Intune updates, we've opened up key new capabilities for Windows Autopilot thanks to your feedback and the requirements you've expressed.
User-driven Hybrid Azure AD Join ...
Published Jun 25, 2020
Version 1.0
Blog Post
Jan_Gutjahr Gotcha, but I would still check the Dynamic Group, they can take a while to update. I would think they should use an object ID vs the Display Name on the backend, but they don't seem to do that. One would think that if an AutoPilot Record has an Object ID of 111 then even if the name was changed (like in the AutoPilot flow) the membership of the dynamic group shouldn't need to reevaluate to grant policies and whatnot to the devices in the group since the ID doesn't change. There is probably some issue preventing them doing that now, but I would like to think they are working on that...
Again this is what it seems to happen from what I can tell. I noticed that with my testing of AAD vs HAADJ with my autopilot records. I have my main Dynamic Group that pulls all AutoPilot records into itself and Assigns a HAADJ Profile then I have a static group of test devices which is excluded from the Main AP Group that enables my AAD join profile. When the flow changes the name of my Test AAD device, depending on timing, I can see the default HAADJ profile get assigned to the AutoPilot record then it will go back to the AAD profile after the groups all update and AutoPilot syncs again. If this is true for everything not just Autopilot then I can see this being the issue you are seeing.