Azure Group Dynamic Membership rules not updating

Our MDM manager came to me with an issue with Azure Endpoint Manager using Dynamic Membership Rules. The groups were not updating members automatically, as a result devices didn't receive the correct policies. The membership rule was simple.

(device.enrollmentProfileName -equals "LKiosk")

If the device was using that enrollment profile, it should have been a member. Unfortunately, that equals operating was not operating as expected. As a result, we were getting no members in the group. The solution was to change the operator to Contains.

(device.enrollmentProfileName -contains "LKiosk")

Once we made the change, the membership was re-evaluated and the devices were added.