Windows Hello for Business Infinite Loop - AAD

[phillips756]

Hello. I'm trying to adapt our MMA GPO based options to Azure AD only devices. In doing so, I create a local group, added members from our Azure AD (add-localgroupmember -name group-name-here "AzureAD\users-name". This works fine. I then set the group name in the proper registry key under HKLM\Software\Policies\etc. this works fine, and I can elevate. Unfortunately, if I specify require credentials, and I'm a WHfB users - regardless of whether I enter a password, pin, or face-biometric, it just keeps repeatedly asking.

[PowershellKnut]

We have the same issue, any idea why Windows Hello cannot be used?