Yes.
One way around this: write your policy with a wider scope, but use a custom trigger that can be initiated at the appropriate time. In my environment, I run DeployStudio for "no-imaging" and use a QuickAdd followed by a script that is specific to where the computer is going. The advantage is that any policy with the same custom trigger will be initiated at this point. It gives you a surprising amount of flexibility.
Another way around it: use the API to create the computer record in advance, and set whatever fields or group memberships you need so that the computer will be INSIDE that scope by the time enrollment is complete... The tricky part is that you need to fill in an accurate UDID for the computer record, or else the computer will have a duplicate record. I accomplish this by running a script on the computer itself, pre-QuickAdd, but that might not work well in all environments.
