AMA: Microsoft 365 and Windows licensing

Hello everybody, we are not 100% sure if this is a technical issue or works as designed, so I leave it here so maybee some license or AAD or Intune expert could answer this... We are using hybrid AAD user accounts synced by AD Connect. Licensed with M365 E5. Sometimes user are getting temporarily disabled in out meta directory (e. g. for some weeks illness). The disablement gets synched to AAD and altough licenses are removed for the user in AAD. The associated device in Intune is falling to "Not Compliant" because of "Built-In Compliance" stating "enrolled user exists" and "has compliance policy assigned" is "Not Compliant". Until here I could agree, this is working as designed. But then the user comes back, get enabled again, this is synched to AAD and altough licenses get assigned. But the device stays in "Not Compliant". At the moment the help desk gets it fixed by removing primary user, sync device, set the same user as primary again and sync device again. Is this behaviour "as designed"? Is it a missbehaviour, maybee because of some special conditions (than I would open a case)? Does anybody else see this behaviour? Thanks in advance.