Sorry for dredging up FileVault processes again, but I'm sort of in a muddle. Our situation/requirements are currently thus (for Intel and M1 MacBooks):
At present we create a hidden local admin account during prestage enrollment and this works fine, but the account then doesn't have a Secure Token for FileVault.
I'm assuming there must be a better workflow than the following:
How do folks accomplish this in similar circumstances?
Any pointers useful! I think I've pickled my brain looking through all the threads.
You are doing our exact workflow. I've tried playing with a few different configurations and I end up coming back to something similar to above (the only difference is we have tried creating the first account as an admin and demoting them later on, saving a step).
Discussing with Apple support, it seems as if this workflow is working as intended.