I can confirm that we have this on our plan for early in 2020/ Thanks for your patience!
An error occurred while saving the commentTim B commented
A policy that would allow us to restrict users unenrolling their device is required for us to look at Intune as an MDM solution.
ActiveSync tokens are cached on the device, which means that a user can enroll a device, then manually unenroll it, yet still have access to their Exchange Online mailbox over ActiveSync until the token expires (up to 8 hours and sometimes more). This is causing us headache in using Intune (300 seats).