Autopilot in no way depends on ConfigMgr. ConfigMgr is just one path to collect the "hash". It's also a path to directly inject a json configuration file and forgo the hash completely.
First step though is getting the systems enrolled in Autopilot. This can be done by getting the hash from the systems using the PowerShell script. Alternatively, if the devices are enrolled in Intune already, Intune can enroll them into Autopilot for you. If the devices happen to be Surface devices, then a simple support call using the serial numbers in the devices can also be used for this.
For #1 and 3, there's no specific reason to limit the Autopilot profile to a specific subset of systems necessarily but you certainly can. Generally, folks assign the profile to all Autopilot devices based on the ZTDID.
For #2, that's something the user must do unless the system is currently enrolled in Intune.
For #3, the ESP configuration does not assign applications. You must assign the applications in Intune. The ESP configuration makes identified applications that are also assigned blocking for the ESP process. If the app isn't assigned to the device, then it is ignored by the ESP regardless of the ESP config.