Devices on Sonoma (14.5 I think) and above allow devices that bypassed automated enrollment to enforce enrollment. Remember, in the Sonoma time frame there were still a number of Macs that allow setup without an Internet connection. This allowed bypass of automated enrollment. (Modern Macs require an Internet connect to activate and be setup - this, this is not possible any longer except under some specific (incorrect) workflows). This is not commonly experienced but it could happen. Best not to wait for it. If you get your devices enrolled in ABM, simply run the profiles command to trigger enrollment.
Ok, the "replace bits with bits" is just a recommendation to save you time on enrollment. Here is an example. You have a machine in production that has a core application stack consisting of Microsoft Office, Google Chrome, Adobe Acrobat, and Zoom. The apps are already present on the machine. Sure, they may not be patched, but your patch policies will allow compliance over time. If you have an enrollment procedure that builds new machines (machines that have no apps), then you might want to disable those policies temporarily so you can capture the pre-existing machines without replacing the already installed apps with the same apps. Why force the machine to download nearly 10 GB of installers when the apps are already installed? If you have slow internet in some places, this could really impact the users workflow.
In the case of Office, even if the pre-existing unit is a little out of date, it is more efficient to drop a MAU profile on the device and let it pull incremental updates instead of pulling the full installer when it may not be needed.
Hope this helps. Best case you have a good reseller and the backload your prior purchases. If so, make sure they are assigned to your MDM token. Then wait for Intune to refresh (likely takes a day) or force it. And then run your profiles command.
