You could disallow changes to accounts in settings, which would stop them from creating any email accounts at all, including iCloud. If they cannot create an iCloud account, they cannot set up find my iPhone and thus cannot initiate the Activation Lock feature.
They would be restricted to using Safari and web email accounts only.
Alternatively, set up your own Library iCloud account on each one first, enable find my phone, thus initiating Activation Lock but now tied to your specific AppleID and Password. Then enable restrictions, and lock down account changes.
Now they cannot change the iCloud account (or any account), they cannot restore the device to override that either.