hi, see below
do we need to enable full disk encryption during the OSD for this to work?
the following docs explain that you can do this during OSD
By default, the Enable BitLocker task sequence step only encrypts used space on the drive. BitLocker management uses full disk encryption. Configure this task sequence step to enable the option to Use full disk encryption. For more information, see Task sequence steps - Enable BitLocker.
-do we need to set bitlocker encryption levels in the OSD still and GPOs or just use the new Bitlocker deployment policy after the machine is online?
it's up to you which way works better, do you want to control bitlocker (keys) during OSD or after, that's entirely up to you, the easiest way is to simply target the policy after it's imaged, but the safest way is to configure it during OSD.