Autopilot without hardware hash
Logging on with Azure AD credentials to an OOBE Win 10 should detect whether the user is licensed for Intune and Autopilot is configured. If not then the necessary information should be gathered and passed to Intune to initiate Autopilot.
This is what I though Autopilot was going to be when it was first announced. The use of hardware hashes makes it worse than PXE or even a USB stick.
Remember that there are other scenarios like Self-Deploy Autopilot, where you do not enter any creds to enroll the machine.
So without a hash file, how would Intune recognize this hardware?
Also : if you want only to authorize specific machines to enroll to your tenant, how would you deny enrollments for the other ones. Therefore, you need to white-list somehow the allowed ones, prior to the enrollment attempt (imagine you want to deny enrollments of virtual machines for example).