Hello!
I'm playing around with Microsoft Intune and noticed some weird things.

I have created a Device Configuration profile > Endpoint protection > Local device security option for Elevation prompt for standard user > Prompt for credentials on the secure desktop, but usually, in the morning this stops working and when I'm trying to run let's say cmd as admin I can't because getting application blocked by your administrator.

The second thing I have no idea is how but I'm not able to turn on Windows Hello Face, on the login screen Windows Hello Faces recognizes me, but I still, need to enter the pin. I can't find where could this be configured. There was a setting for forcing users to input their password after sleep after I tested this setting I turned it off and since that moment I can't bring Intune to allow logging only with windows Hello face.

And every time after restart I need to log in with the usual credential email and password, window does not remember the last logged user.
Maybe someone can give me tip?

Thx