Forum Discussion

denisdm91
Copper Contributor
Jun 08, 2023

Windows Servers AAD Hybrid Joined and SCCM ConfigMgr Co-Management MDM Auto-Enrollment

I have doubts about some configurations.

Basically, we have:

  • SCCM installation with co-management performed via the cloud-attach wizard
    • Intune pilot group device collection configured
  • default client settings policy allows device registration in Azure AD
  • Azure AD Connect configured for hybrid join
  • MDM user scope configured to All in Azure AD
    • MAM user scope configured to None
  • users can register devices in Azure AD (Users may join devices to Azure AD)
  • Business Premium licenses
  • usage location configured on the Azure AD synced user
  • no Conditional Access or MFA configured

The situation is that both the client and the server are synchronized to Azure AD and are seen with join type "Hybrid Azure AD joined".

In Azure AD the clients have "Microsoft Configuration Manager" as MDM; the same clients then show "Co-managed" in the "Managed by" column in Intune.

Servers on the other hand (Windows 2016) are not automatically enrolled in Intune and I don't understand why; they are Hybrid Azure AD joined in Azure AD as devices.

 

Another unclear thing: do I have to create the GPO for automatic enrollment in Active Directory (Enable automatic MDM enrollment using default Azure AD credentials)?

At the moment it is created and linked to the OU containing the servers and set to "Device Credential" (I read in the documentation that with SCCM or Azure Virtual Desktop it is supported); even if I set it to "User Credential" it doesn't work anyway.

With the GPO applied the scheduled task is created, but in the events I get the following error: Auto MDM Enroll: Device Credential (0x1), Failed (Unknown Win32 Error code: 0x8018001c)

By doing a dsregcmd /status on the machine everything seems OK.

I don't understand what the best practices are regarding this GPO, and where I am going wrong.

  • Ash_Powell
    Copper Contributor

    denisdm91
    Did you solve this?
    I have the same issue in an environment with a very similar configuration to yours.

    • denisdm91
      Copper Contributor

      Hi Ash_Powell

      1. checked network rules for the connectivity
      2. disabled Azure AD registration for the domain-joined devices by GPO
      3. deleted duplicated entries for devices in Azure AD (Azure AD registered)

      The problem was probably caused by an Azure AD registered device: there were two devices in Azure AD with the same ID, one was hybrid joined and the other one was Azure AD registered.

      In addition we re-checked the hybrid join configuration in the Azure AD Connect settings.

      Let me know, I could review the configuration and help you.
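Added example (not code from this thread or from Microsoft): a PowerShell check for the "dual state" condition the reply above identified, a device that is both hybrid joined and Azure AD registered. It reads the local `dsregcmd /status` fields and the auto-enrollment events on the server, then lists tenant devices whose display name carries both a hybrid (`ServerAd`) and a registered (`Workplace`) object via the Microsoft Graph PowerShell module. The event log name and IDs 75/76, the `BlockAADWorkplaceJoin` registry value and the `Device.Read.All` scope are assumptions to verify against current Microsoft documentation.

```powershell
# Assumes: Microsoft.Graph module installed, rights to read tenant devices,
# and that the script runs on the server whose enrollment failed.

function Get-DsregStatus {
    # Parse "Key : Value" lines of dsregcmd /status into a hashtable.
    $status = @{}
    foreach ($line in (dsregcmd /status)) {
        if ($line -match '^\s*([A-Za-z]+)\s*:\s*(.+?)\s*$') { $status[$matches[1]] = $matches[2] }
    }
    return $status
}

function Test-LocalHybridJoinState {
    $s = Get-DsregStatus
    # Healthy hybrid join: DomainJoined and AzureAdJoined both YES, WorkplaceJoined NO.
    [pscustomobject]@{
        DomainJoined    = $s['DomainJoined']
        AzureAdJoined   = $s['AzureAdJoined']
        WorkplaceJoined = $s['WorkplaceJoined']   # YES here means the dual (registered) state
        DeviceId        = $s['DeviceId']
        MdmUrl          = $s['MdmUrl']            # empty when no MDM enrollment exists
        # Assumed policy value that blocks Azure AD registration on domain-joined devices.
        BlockAADWorkplaceJoin = (Get-ItemProperty -Path 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WorkplaceJoin' `
            -Name BlockAADWorkplaceJoin -ErrorAction SilentlyContinue).BlockAADWorkplaceJoin
    }
}

function Get-AutoEnrollEvents {
    # Auto MDM Enroll results (assumed: 75 = success, 76 = failure, e.g. 0x8018001c).
    Get-WinEvent -FilterHashtable @{
        LogName = 'Microsoft-Windows-DeviceManagement-Enterprise-Diagnostics-Provider/Admin'
        Id      = 75, 76
    } -MaxEvents 10 -ErrorAction SilentlyContinue | Select-Object TimeCreated, Id, Message
}

function Find-DualStateDevices {
    # Tenant side: a display name that has both a hybrid (ServerAd) and a registered (Workplace) object.
    Connect-MgGraph -Scopes 'Device.Read.All' | Out-Null
    Get-MgDevice -All -Property DisplayName, DeviceId, TrustType, ApproximateLastSignInDateTime |
        Group-Object DisplayName |
        Where-Object { ($_.Group.TrustType -contains 'ServerAd') -and ($_.Group.TrustType -contains 'Workplace') } |
        ForEach-Object { $_.Group | Select-Object DisplayName, DeviceId, TrustType, ApproximateLastSignInDateTime }
}

Test-LocalHybridJoinState
Get-AutoEnrollEvents
Find-DualStateDevices
```

Devices returned by Find-DualStateDevices are candidates for the duplicate-entry cleanup described in the reply; confirm the last sign-in time before removing the registered object.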