Device added to group Randomly

Some devices are added to being added to a group in Intune randomly, Sometimes this group is a disk encryption scoped policy group which causes the devices to double encrypt if already encrypted and cause a bitlocker recovery screen upon restart.

This can also be solved by removing the encryption. However why does it happen.

While "add member to group" activity in audit logs usually shows a user "admin" culprit, Some users are added using a Service Principal which corresponds to "Microsoft Intune" application with no user culprit and no further context. Both Azure Audit an Compliance audit show the same results. Any idea why or how this can be checked further?