Excluding machines from "enrollment" based policy

New Contributor

Small predicament - we deploy multiple apps using an enrollment based policy. Our enrollment is based on the "add-in" pkg.
If we are to exclude a machine, we cannot do so, as the machine is not in the JSS to scope against the exclusion.

Every now and then we get a machine that needs to be excluded from any of the 12 or so apps that come in as part of the "enrollment" trigger.

Any possible way to achieve this, w/out changing the trigger or removing the application?

Thank you