Hello Brian
The hash command under the IKE policy is used to specify the hash algorithm to be used within that policy. The default is SHA, which means if you don’t specify it, SHA is configured. This is why the specific implementation you described works, because one end is explicity configured as SHA, and the other is by default SHA. In the case of the DMVPN over IPSec lesson, a non-default configuration of sha256 was chosen, and that is why the command appears.
For more info about the hash command under the IKE policy configuration mode, take a look at this Cisco command reference:
I hope this has been helpful!
Laz