In Headwind MDM, device data encryption is turned off. The reason is that in most cases the device encryption is not required, whereas the encryption significantly increases the device enrollment time.
I think it's a good idea to add the encryption option in the UI.
There's a workaround how you can turn on device data encryption. When you generate a QR code for the device enrollment, read it by some QR code reader, remove the attribute:
and pack the JSON back into the QR code.
This will turn on the device data encryption.