If your Macs are enrolled in DEP and you have AD synced with AirWatch, there is no need to join your Macs to your domain to enroll them in AirWatch. You certainly can join them to the domain, but that has nothing to do with the AirWatch enrollment.
Yes, they will be supervised devices. One thing to keep in mind with macOS devices: on initial setup they need an internet connection to set up using Remote Management. If you factory reset a Mac and go through the initial setup without an internet connection, it will bypass the remote management and set up without enrollment. You can start the enrollment after it has been set up using terminal commands if necessary.
There is an option in your DEP Profile in the console to have it set up a local admin account automatically for you on enrollment. You have to enable the 'Await Configuration' option under your DEP profile, and then if you scroll to the bottom there will be an option for 'Create New Admin Account', and then you'll also have the option to make it a hidden account or not. You will also see the option there to make your enrollment user an Admin or Standard user on enrollment.
I have 'Await Configuration' enabled in the DEP profile. So when the user logs into the DEP prompt, it is enrolling into AirWatch with an AD-authenticated account and then logging into the Mac with those credentials, but that process doesn't bind the Mac to AD, so the 'Create Mobile account at login' isn't set yet. When the user leaves the company network, it is unable to authenticate and therefore cannot log in. There aren't cached credentials for this user to be able to log in and join a home network.