Yes, Windows has a feature called Microsoft Windows Platform Binary Table that allows the OEM to embed any executable file they want into the UEFI image which is then automatically run on every boot. Extremely terrifying backdoor mechanism.
Not half as scary as Apple's DEP program. Pretty much everyone is moving this way because it's super convenient for admins -- devices arrive out of the box working and configured. Google has "Zero Touch", Samsung has their Knox program.
I don’t understand your point about Apple DEP. Could you clarify? It’s predominantly used on company-owned laptops and requires an Apple company account or developer license to work. I haven’t seen it used for consumer computers.