NTLM Blocking on Windows 10 21H1 breaks some group policies, specifically allow/deny log on locally

I'm using my work profile to answer my own question here. 

If you enable rpc authentication it will fall back to NTLM and  if you have outbound NTLM denied you will have problems. Ex: guid mapping to groups fail; some GPO processing fails. Usernames show up as guids when viewing group memberships on workstations.

This took forever to track down when we removed ntlm from our network

https://techcommunity.microsoft.com/t5/security-compliance-and-identity/rpc-endpoint-mapper-client-authentication-uses-ntlm/m-p/3961525

Read the text in the blue box on Microsofts explanation:

https://learn.microsoft.com/en-us/windows-server/security/rpc-interface-restrict

THIS IS A KNOWN ISSUE!