@Testa Thanks for posting in our Q&A. I will answer your questions:
1. Yes. We should do Hybrid AAD join first.
2. You can refer to this article.
3. It is needed to configure automatic enrollment. If you want to enroll devices using group policy, we still need to use group policy to do enrollment.
4. Currently, there is no method that can make it. It is suggested to try to manually deploy configuration profiles whose settings are the same as the related GPO.
https://learn.microsoft.com/en-us/mem/intune/configuration/administrative-templates-windows
Hope it will give you some ideas.