Configuring the MDM user scope is not needed. We have the settings set
to None, and it works anyway. Reason is that the Machines is not
enrolling in Intune. They are registered in Azure AD only. The Intune
part is managed by the App that were created...