1. You cannot move from one MDM to another without erasing all of your devices and starting afresh. This is partly an Apple thing, in fairness, but does make sense as it's always best to start from a box-fresh state in a new MDM.
2. You should be able to deploy scripts for whatever it is you're trying to do. I would think that third-party apps would have very limited access to such areas given modern macOS security protocols. Can you elaborate on what specifically you'd like to do, as I may be able to help.
I'd recommend using Jamf Connect to integrate with an Azure AD or Google Workspace tenant, as this will allow you to automatically create Standard (i.e. non-Admin) accounts when the students log-in. You could then create the first Admin account (the all-important 501 user) during the setup of each Mac. In Jamf Pro, you can automatically create the Admin user via MDM completely hands-free within a Computer PreStage (Jamf's name for the automated setup process), meaning Macs could be unboxed and set-up by students as they won't be prompted for local account credentials and would simply log-in with M365 or Google accounts straight out of the box.
