I came across this scenario. You have to take a different approach to this,
Instead of using CA to blatantly block unmanaged device, do this.
1) Devices > Enrollment Restrictions > Device Type Restrictions > Properties > for Windows block personally owned
2) Now you have already exported hardware hash for Windows. Because this Intune treats all your Autopilot devices as "Corporate"