Sorry for the late answer - somehow I rarely get any more notifications
I had only one affected client... and the run failed.
I found the batch (that was generated at runtime?) and this weird commands.
After reading the Mitigation Guide i saw what it tried to do ... it were exaclty the commands to unprovision the client and disable the services.
I did run it manually to find out what failed, but it worked.
So I don't really know where exactly the batch failed - maybe it was just an unexpected return code.
I didn't give it a second try.