So we are pretty new on the Intune compliance integration with Jamf Pro part.
When our users are having issues, they sometimes break the Intune & Jamf Pro connection.
I'm not sure how they do it, but the fix is always to remove the Mac device in Intune and Azure AD and registrate again from within the Self service app.
How do you prevent users from screwing with the Intune & Jamf Pro connection?
I believe this is a product issue. Can't seem to find it here - https://account.jamf.com/products/jamf-pro/known-issues - but it is for sure an issue LOTS of people are experiencing, you are not alone.
Jamf is working on this FR - https://ideas.jamf.com/ideas/JN-I-25346