Hi Jason,
Offline autopilot doesn’t create the device in the autopilot section in the Intune portal.
If the devices are already in the intune portal you have to create an autopilot profile, assign the profile to all device or scope this with an azure ad device group, turn on the option convert all targeted devices to autopilot. Device will show up in the autopilot device section.
If the devices aren’t in intune portal under devices and only in azure ad. Then you have to enable the mdm enrollment urls.
https://docs.microsoft.com/en-us/mem/intune/enrollment/windows-enroll#enable-windows-10-automatic-en...You can manage Windows Hello via multiple ways. Under device enrollment can you block windows hello for all users or you can use the identity protection profile under device configuration and assign this to azure ad group but with this profile you also have the option to make exceptions.
Let me know if this helps you.
Kind regards,
Rene
