Jamf Connect / Google IdP / FileVault?

Contributor III

I work in a K-8 school district and we use Jamf Connect with Google as the IdP. We are starting to look at the new M1 MacBook Airs since that's what is now available (these will even be our first USB-C MacBook Airs) and have come to find that there is no firmware password option anymore and the only way to lock down Recovery Boot access is to enable FileVault. We have not looked at FileVault prior to this, not wanting to introduce this (until now) unnecessary complication. While there isn't quite as much trouble that our students can get into (lack of Single User Mode, Jamf Connect effectively blocking the .AppleSetupDone deleting bypass) there's still enough to muck up that we need something more.

So, is there any (relatable) HOWTO for getting FileVault set up during ADE? Is this even possible? From my initial reading Jamf Connect really throws a wrench into getting FileVault going. Can FileVault be enabled before anyone logs into the Mac?

We really haven't looked into FileVault at all prior to this, so we're really starting from scratch. Really hoping Apple adds a firmware password to negate needing to look into this.