Feature request - Ability to create local accounts derived from Entra ID but with seperate local only credentials

[miawri]

In order to leverage PSSO witth Secure Enclave to get non-phishable Entra ID credentials, it is considered best practice to have a local account that does not have a password that matches the Entra ID credentials and also doesn't synch or ensure they are the same. However, it is imperative that any local accounts that were created are accounts that match an Entra ID account - an MFA challenge to prove it (with the Authenticator app) would be ideal - if a token is recieved then an account can be created with a seperate, local password.

Thinking out loud but I was wondering whether it would be possible to have XCreds create this Entra ID derived local account in this scenario? Maybe a PSSO/SE mode that could also take care of local account password policy too?

I hope this makes some sense.