@Rookie{}, for GPO enrollment, one prerequisite is that AzureAdPrt needs to be Yes.
https://learn.microsoft.com/en-us/windows/client-management/mdm/enroll-a-windows-10-device-automatically-using-group-policy#verify-auto-enrollment-requirements-and-settings
If the on-premises AD users' UPNs are different from your Azure AD UPN, Windows 10 or newer hybrid Azure AD join provides limited support for on-premises AD UPNs based on the authentication method. We can see if our scenario is supported.
https://learn.microsoft.com/en-us/azure/active-directory/devices/hybrid-azuread-join-plan#review-on-premises-ad-users-upn-support-for-hybrid-azure-ad-join
In some environments, to make AzureAdPrt show Yes, we choose the same method as yours: adding the UPN suffix in the on-premises domain to make it work.
Hope it can help.
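One way to check the prerequisite discussed in the answer above, as an added example that is not part of the original answer: the script parses `dsregcmd /status` for the join state and AzureAdPrt, and reports the signed-in user's UPN suffix for comparison with the Azure AD UPN. The function name `Get-EnrollmentPrereq` and the sample values are assumptions made for illustration.

```powershell
# Added example (not from the original answer). Get-EnrollmentPrereq is a hypothetical helper.
function Get-EnrollmentPrereq {
    param(
        [Parameter(Mandatory)][string[]]$StatusLines,  # output of dsregcmd /status
        [string]$UserUpn                                # e.g. output of whoami /upn
    )
    $fields = @{}
    foreach ($line in $StatusLines) {
        # Field lines look like "   AzureAdPrt : YES"; banner lines do not match.
        if ($line -match '^\s*([A-Za-z]+)\s*:\s*(.*?)\s*$') {
            $fields[$Matches[1]] = $Matches[2]
        }
    }
    [pscustomobject]@{
        DomainJoined  = $fields['DomainJoined']  -eq 'YES'
        AzureAdJoined = $fields['AzureAdJoined'] -eq 'YES'
        AzureAdPrt    = $fields['AzureAdPrt']    -eq 'YES'
        UpnSuffix     = if ($UserUpn -match '@(.+)$') { $Matches[1] } else { $null }
    }
}

# Constructed sample output, used only when dsregcmd is not available.
$sample = @(
    '             AzureAdJoined : YES'
    '              DomainJoined : YES'
    '                AzureAdPrt : NO'
)
$live  = Get-Command dsregcmd.exe -ErrorAction SilentlyContinue
$lines = if ($live) { dsregcmd.exe /status } else { $sample }
$upn   = if ($live) { whoami /upn } else { 'user@corp.example' }  # constructed UPN

$result = Get-EnrollmentPrereq -StatusLines $lines -UserUpn $upn
$result | Format-List

if (-not ($result.DomainJoined -and $result.AzureAdJoined)) {
    Write-Warning 'Device is not hybrid Azure AD joined (DomainJoined and AzureAdJoined must both be YES).'
}
if (-not $result.AzureAdPrt) {
    Write-Warning "AzureAdPrt is not YES. Compare the on-premises UPN suffix '$($result.UpnSuffix)' with the user's Azure AD UPN."
}
```

Run it in the affected user's session rather than an elevated or SYSTEM context, because AzureAdPrt is reported per signed-in user.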