We are experiencing an issue where our Intune package for deploying ConfigMgr client works properly for AAD joined devices but fails for Hybrid domain joined devices.  The problem seems to be related to the Azure user ID in that it only works properly when the package is deployed to users and Azure user ID signs in.  On the hybrid devices this does not work.  We are using CMG and do not have PKI.  Is there a recommended configuration to enable this to work for our hybrid devices?