We use Symantec Encryption Desktop 10.3.x (which is based on PGP) to perform full disk encryption on all our devices. Encryption Desktop can integrate into WinPE and WinRE media (allowing use to authenticated and access the encrypted drive from within WinPE/WinRE) by mounting the WinRE wim, and running PGPPE which installs the necessary drivers and executables into the wim. Further to this, we regularly utilize the Microsoft Diagnostics and Recovery Toolset (DaRT) which is part of the Microsoft Desktop Optimization Pack (MDOP). The DaRT media creator pauses (with a press next to continue button) just prior to compiling the completed wim (but with the wim mounted) to allow integration of 3rd party files, applications, drivers, etc. This makes it very convenient to run PGPPE against the recovery media without having to manually extract the wim from the finished ISO, update the wim, then re-insert it into the ISO.
The Veeam Endpoint Recovery media creation wizard should feature this option - a pause while the wim is mounted prior to actually unmounting the wim and creating the ISO image.
Or better yet - let us slipstream Veeam.EndPoint.Recovery.exe to DaRT similar to what Symantec does with Encryption Desktop.