My current workflow (working for older OS but fails for Big Sur):
Bind to domain in prestage enrollment with configuration profile
Create the Jamf management account
Skip local account creation
When configured this way the Big Sur M1 computers do not get a securetoken on the mobile accounts and do not escrow the bootstraptoken in the server. Most often the securetoken is picked up by either the AV management account deployed by Sophos or another IT admin account. In either case, bootstraptoken is not escrowed in the server.
This can be worked around by creating a local account during prestage which will then receive the securetoken and escrow the bootstraptoken, but that is not my preferred workflow, and introduces more potential technician errors during setup if account credentials are entered incorrectly.
+1, same situation here as well. In fact, the mobile account, which is already set in the domain binding settings, doesn't get created. I tested on 11.1 & 11.2 as well.
Apple commented "We received several reports previously that account creation may fail when logging in for the first time with a mobile account in macOS Big Sur 11.0.1. I am not sure what is the exact macOS Big Sur version you are testing on currently as you didn’t mention it. So I can’t determine if you are having the exact same issue as investigated. However, I would like to inform you that the reported issue should be fixed in macOS Big Sur 11.3 Beta 2 and a testable version is available in AppleSeed for IT portal now. I would like to encourage you to download the testable beta version and perform the testing again. Once you have tested, we would appreciate your feedback on the result."
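A check for the symptoms described in the first post (secure token on an unintended account, bootstrap token not escrowed), added here as an example and not taken from any poster or from Jamf or Apple. The function names and the expected-account argument are hypothetical, and the matched strings assume the wording `sysadminctl` and `profiles` print on macOS 11; the live section runs only on macOS and needs root.

```shell
#!/bin/sh
# Added example: audit secure token holders and bootstrap token escrow.
# Matched strings are assumptions about sysadminctl/profiles output wording.

# has_token STATUS_OUTPUT: succeed if the sysadminctl status text passed
# as the first argument reports an enabled secure token.
has_token() {
    printf '%s\n' "$1" | grep -q 'Secure token is ENABLED'
}

# escrowed PROFILES_OUTPUT: succeed if "profiles status -type bootstraptoken"
# output says the bootstrap token is escrowed to the MDM server.
escrowed() {
    printf '%s\n' "$1" | grep -q 'Bootstrap Token escrowed to server: YES'
}

# verdict EXPECTED_USER "HOLDER HOLDER ..." PROFILES_OUTPUT
# Prints OK, or the failed conditions separated by a space.
verdict() {
    expected=$1
    holders=$2
    out=""
    case " $holders " in
        *" $expected "*) ;;                       # expected account holds a token
        *) out="NO_TOKEN_FOR_$expected" ;;
    esac
    escrowed "$3" || out="${out:+$out }BOOTSTRAP_NOT_ESCROWED"
    printf '%s\n' "${out:-OK}"
}

# Live collection: macOS only, run as root with the account expected to
# hold the token (for example the mobile account) as the first argument.
if [ "$(uname)" = "Darwin" ] && [ -n "${1:-}" ]; then
    holders=""
    for u in $(dscl . -list /Users | grep -v '^_'); do
        # sysadminctl writes its status line to stderr
        if has_token "$(sysadminctl -secureTokenStatus "$u" 2>&1)"; then
            holders="$holders $u"
        fi
    done
    echo "Secure token holders:$holders"
    verdict "$1" "$holders" "$(profiles status -type bootstraptoken 2>&1)"
fi
```

Run after first login on a freshly enrolled machine; any result other than `OK` together with the printed holder list shows which account took the token instead of the intended one.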