Well, I'm having the same issue, except for me the user that enrolled the device was configured as an enrollment manager and they have now left the company.
Now I have dozens of devices losing their mind as I am unable to edit the default device compliance policy, just turning it off, which itself is against Microsoft's own recommendations.
Not sure why the enrolling user is a requirement in that policy. Why does it matter?
So if the intention is for the primary user to also be the enrolling user, why do enrollment managers even exist?
If the design of Intune is to wipe the device when the user changes, why can we change the primary user?