@Andrew HUSSEY From your description, I know after deploying a device configuration profile, no account is able to login although we remove the profile. If there's any misunderstanding, feel free to let us know.
To sync the Intune policy to the device, we can go to Microsoft Endpoint Manager admin center and go to the device side, choose Sync to see if it is working.
Meanwhile, try to login the device with a local administrator account to see if it is successful.
In addition, please get a screen shot of the device configuration we set. So that we can test in the lab to get more options.
Hope it can help.
If the response is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.