Given the current state of the world, we have been migrating many clients to a Cloud based solution - predominately 365 with Azure AD; situationally dependant.
A bug bear is Windows Hello - if you're using Azure AD without intune or endpoint then this annoying feature will try and enable itself on your workstations and it's a total pain.
So here's a quick registry fix to get rid of it - no need to edit the local policy (this is the same). Just apply the reg and say Goodbye to Windows Hello
-- copy the below contents into a text file and save as a .reg --
Windows Registry Editor Version 5.00
; Created by: Des
; Created on: 21/04/2021
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\PassportForWork]
"Enabled"=dword:0
"DisablePostLogonProvisioning"=dword:0