It is insecure to create one account with username and password during the setup process.
The password should always come from your password manager. But you would not have access to your password manager during the installation process.
Your new account will be online. Can access OneDrive and everything Microsoft Online offers. That means anyone with internet access can try to login to it so it has to be very secure.
Windows Hello can be used for local login. But I agree with you. I would love to be able to access my Keepassxc vault during the login process. But that might be hard to archive so better to use Windows Hello.
It is insecure to create one account with username and password during the setup process. The password should always come from your password manager. But you would not have access to your password manager during the installation process.
Please remove this step.
You also would not have access to your password manager when logging into your OS, would you?
While that is true, logging into your OS can also be done via 2FA, namely via a smartcard. It’d offer a similar protection to it, if not better.
Your new account will be online. Can access OneDrive and everything Microsoft Online offers. That means anyone with internet access can try to login to it so it has to be very secure.
Windows Hello can be used for local login. But I agree with you. I would love to be able to access my Keepassxc vault during the login process. But that might be hard to archive so better to use Windows Hello.
Biometrics are not more secure than a good password.
Fair point, but good luck convincing them about it.