Don't require a default group for domain control
All of our employees share a common email address, but work for different divisions. We use domain groups to determine which (of 4) policies they will be assigned to based on what division they work in. But since you must always have one default group, they are often assigned to the wrong (default) policy. When we update their group to assign them to the correct division and policy, they end up in both the default policy and the one we want them in. We have to go delete them from the default policy.
I would think the fix could be pretty simple. Allow a slider on a domain group if you want it to be the default group. But don't require at least one group to be the default. Then when we added the group to the employee in domain control, that is the step that would assign them to a policy.