Going to throw my 2 cents in here. The 9.2.2.26 patch (for new model iPhone Xs models) is thought to have corrupted most if not all of my DEP entries. Devices that hit DEP prior to the patch would not remove on their own when unassigned from DEP, devices that hit after the patch would for the most part remove on their own when unassigned. I have also seen issues with ' Invalid profile' enrollments and ' Connection to server could not be established' when using HUB native enrollment but for me, a fraction of my DEP devices will issue themselves a 401 'Break MDM' command after hitting DEP and enrolling in a staging users name. I have since upgraded to 9.7.0.13 and the issue still persists.
For devices not removing from Console when Unassigned:
When I raised a ticket, the solution they came back with was to mass reassign all of my DEP devices back to the Console, sync, then try to Unassign the ' stale' devices, sync again. This did allow me to get some functionality back in regards to devices removing from the Console on their own. I then had to go back and remove almost 100 devices manually that had been disowned but never removed. Examples below in case anyone needs to remove DEP devices manually (these commands only remove DEP entries, it does not affect an enrolled devices functionality)
--Remove Single Device
Delete from mobilemanagement.EnrollmentToken where DeviceSerialNumber ='inputSerialNumber'
--Remove Multiple Devices
delete from mobileManagement.EnrollmentToken where DeviceSerialNumber in ('inputSerialNumber','inputSerialNumber','inputSerialNumber')
For devices getting Invalid Profile or ' Connection to server could not be established' using Hub or DEP devices not enrolling correctly:
Through trial and error I determined the DEP entry is causing a HUB native enrollment to give ' Invalid profile' or a ' Connection to server could not be established' and is causing my DEP devices to ' auto-Enterprise-Wipe' on enrollment (no compliance or compromised policies enabled that would enact this command....). For the Hub enrollments, I use the command above to remove the DEP entry and get the device enrolled then let the automated sync bring the device back into the Console. (these are device that were Enterprise wiped but not reset to factory)
For my DEP devices issue, its hit or miss but I Unassign from DEP and see if the entry is removed from Console, if not I manually remove, then reassign the device to DEP and sync it back in. Sucks to have to reset to factory again, but this usually corrects the DEP device issue at that time (issue seems to creep back up if device is reset and tries to re-enroll again).
Maybe one day there will be a fix but this has caused a lot of manual work for me. As I mentioned, this only seemed to come up when I applied the patch for the new iPhone Xs models.