We're using a Configuration Profile to enable FV2.
The problem is, during the first boot wizard sometimes the _mbsetupuser is the user it chooses for deferred encryption. If we go through the setup wizard and login fast enough (before the profiles are pushed down) then it seems to use the proper created user.
Have any of you encountered this issue or know a decent workaround?
Just to play devil's advocate is there as reason you're doing it via Config Profile? You could easily take care of this via Policy. I'm not sure if the _mbsetupuser problem would appear or not, but the testing I've done doesn't seem to run into this issue. You'd also be able to set up a policy to run after that, as well, that would enable the Management Account for FV2.
Just a thought and my two cents :)