I recently tried setting up Apple Business Manager for our ≈20-person SME.
The first step was "Domain Lock/Capture" which takes over all Apple accounts for a specific domain.
I've never had a worse experience from Apple.
The process is buggy, filled with foot-guns and dead ends. It expects huge amounts of work from users who have had their account for more than a few weeks and are expected to remove a lot of their personal data before their account can be migrated (e.g. do you know how to delete all your Health data?). The process is also impossible to cancel.
Phone support was par for the course, e.g. tickets escalated to the abyss, suggestions to restore workstations to factory settings, etc.
Be warned.
The domain lock process was an absolute fiasco at our company. I think this could work if you did this at the time your company launched, but the moment you have employees who have Apple IDs tied to their work email that aren't from the Business Essentials system you are stuck in an impossible-to-manage place.
There are several cheap MDM solutions for Apple devices that I would rather pay for than be dependent on this. (We've used SimpleMDM and love them.)
I gave up when it wanted a Dun and Bradstreet number (whoever they are) and the website to get one didn't work.
We use Apple Business Manager. Locking a domain is not a requirement if you're just doing basic MDM, I'm pretty sure. (I also had a negative experience with it, so we didn't use it and everyone just uses their personal Apple IDs.) Is it no longer possible to skip this step in setting up the account?
AFAIK, it works with subdomains, so you can use something like employees.example.com as your domain, and capture over that.
This was my experience switching from Gmail to Apple’s mail service. I switched back after a few days.
FWIW, my experience doing this process for a ~130 person org last year was pretty painless compared to other Domain Claims I've initiated for other SaaS vendors (Docusign in particular), and MDM nightmares (expired JAMF certificates, I'm looking at you).
We had to do it as ppl had made personal Apple accounts using our domain, meaning if they logged in with such an account and left, their iPhone magically transformed into an expensive, elegant paperweight. Due to a setting in our previous MDM we were unable to migrate data cleanly using Apple Biz Manager without committing to use ABM as our MDM (we couldn't) so we told people to "move it yourself following these detailed instructions, otherwise it can't be migrated." Regarding personal data like health on company-managed devices, I certainly don't share that type of info with my employer, and make it clear to staff that it's not our responsibility to migrate such data.