I am able to reproduce this at-will without using a expired, departed or disabled user account. The account is alive and well and yet this occurs.
- Use MDT to image a machine
- Perform an Azure AD join using a Provisioning Package which uses a bulk enrollment token
- Device shows in AAD and Intune
- Intune reports the Device is not compliant:
I don't quite understand why that's the case.