With your devices registered in ASM/ABM (Apple School/Business Manager) and synced to Intune you set up an enrollment program token that configures the Setup Assistant with Modern Authentication (ADE Automated Device Enrollment (formerly DEP)).
When you login with Azure AD credential your macOS device will be created in azure ad but it will not be (binded - no need), when you are finished with Setup Assistant on the device, you will be at the desktop where after a short while all your Policies will be applied (PPPC,System extensions/Device Feature/ Device restriction/ wifi / certificate / Azure SSO extension and etc)
Within the Setup Assistant you will be asked to create a local admin user.
When Company portal has been installed you log into CP and log in with your Azure AD credentials, your credentials will be saved in keychain and can be used for SSO login.
If you created Office and Outlook and Onedrive preference files that corresponds to the {{userprincipalname}} that variable will be translated to the current logged on users userprincipalname and Office/Outlook/Onedrive will do single sign in on your device. Outlook will register your license with Office 365 and OneDrive and Teams will ask you to press on the username you want to use to sign in and use SSO to handle the password.
All in all, you do not need to bind you macOS with azure AD when using Intune and Azure SSO extension and defince {{userprincipalname}} in your prerefence files.