Hi,
there are 2 things here which we need to see ,
Firstly if you are enrolling the devices Via GPO, and the sccm is already there in the machine , the state of the machine will be a co-managed state once the sccm client is detected . Now since you are opting to go for the intune enrollment via sccm client ,you can also utilize it but first you need to make sure the autoenrollment collection it should a Pilot collection (You can take it as a test collection) , the devices in this group will be enrolled via sccm client for a reference the flow is too large you can check the basic things in the task scheduler the task name "Enterprise management" will be created and the you can check the comanagementhandler.log.
You mentioned that you need to enable the patching on the machines for this you need to configure the workloads which are defined , the 2 workloads which you need to move to the Intune pilot / Intune (based on the environment) is the office click to run apps and the windows update policy . The office click to run apps will make sure the apps are deployed via intune There's a new global condition, Are Office 365 applications managed by Intune on the device. This condition is added by default as a requirement to new Microsoft 365 applications. You can then enable the updates to them via ADMX in intune https://learn.microsoft.com/en-us/mem/intune/configuration/administrative-templates-update-office
For the quality updates and the feature updates , you have the windows update rings which you can target accordingly from MEM console.
Just for FYI : If the workload remains on SCCM and you target policy via Intune /MEM it will be shown as not applicable as the machine will not be able to determine the policy is coming from MEM since workload is still on sccm