Forum Discussion
strif4
3 years ago
Occasional Contributor
Stop requiring masterpass after every restart.
I find it a bit cumbersome and annoying that I have to use my master pass every time I restart my home computer and restart the browser (if I'm not using the desktop app).
Given I have to do this ...
Former Member
3 years ago
Omigosh, THIS is how hard I'm trying to migrate to 1Password... This may be obvious to you guys in IT fields, but I'm not. Found more data on getting Windows Hello to persist:
After getting persistent Windows Hello to work on my relatively new main personal desktop PC, I figured, I need this to work on the oldest machine I have, which is my kid's T440s Thinkpad, or I can't migrate the whole family and it's a deal breaker.
So I converted to GPT partition, enabled TPM 2.0 and Secure Boot, didn't even need to reinstall Windows this time. I check 1P, and the TPM option with Windows Hello is grayed out... I don't understand. Read the other articles floated around the forum and Google, key among them this one: https://helgeklein.com/blog/checking-windows-hello-for-business-whfb-key-storage-tpm-hardware-or-software/. But Certutil reports nothing. Not hardware or software key.
I realize that the article is for Windows Hello for Business. Am I using that? I didn't choose. Finally after some trial, I believe I usually set up Windows profiles as local accounts and then connect to Microsoft accounts. I realized the difference was I needed to log in using a Microsoft account. This likely won't be an issue with W11 because I think it requires everyone to log in with a Microsoft account in the future.
After logging into an MS account, instead of my old local accounts, I run Certutil again and finally it reports info about my Windows Hello credentials. Logging in with MS account must allow me to use Windows Hello for Business. But 1P still won't let me know Windows Hello persistently. TPM Box is still grayed out! I'm about to give up and stick with Lastpass.
I try to reenroll Windows Hello in a few different ways, with Admin, without Admin, standing on my head, etc. Still doesn't work. I noticed that Certutil reports software key, no matter how many times I follow the article and reenroll.
I figure...for some reason, even when I recreate the Windows Hello PIN, it gets stored in software even though hardware TPM is available. On my working desktop, Certutil reports using the hardware TPM, and 1P recognizes this. Maybe there's a way to force hardware TPM?
After some searching, I find that Group Policy Editor\Administrative Templates\Windows Components\Windows Hello for Business has a setting called "Use a hardware security device." Bingo, change from "not configured" to "enabled."
I delete the Windows Hello container one more time. Restart. Log in and create a new PIN. FINALLY! 1P recognizes the TPM and the box can be checked. I restart a few times and confirm the Windows Hello login persisted.
TL;DR, I found that I needed to log in with an MS account, and force hardware TPM for Windows Hello for Business in order to get 1P to recognize TPM (in this case).
I still have a couple other PCs...will need them to work too if I'm able to fully commit. A little wrinkle, I initially needed to create a 6-digit PIN, but you can change this in a group policy too. Also, in reading the forums, I realized I signed up for the US region when I'm supposed to be in Canada! I hope when the trial is almost done, I can export my vault structure and create an account in the Canada region...as long as I address any other remaining deal-breakers. At least this whole exercise has probably made my computers more secure overall. I'm gonna need a vacation from my current vacation...
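
The checks walked through in the reply above, collected into one diagnostic script. This is an added example, not part of the original post and not 1Password tooling. The `RequireSecurityDevice` registry value behind the "Use a hardware security device" policy and the `NgcKeyImplType` field in the certutil output are assumptions that the post itself does not state.

```powershell
# Added example (not from the post). Run in an elevated PowerShell session,
# signed in as the user whose Windows Hello enrollment is being checked.

# 1. TPM present and ready? (Get-Tpm needs administrator rights)
$tpm = Get-Tpm
'TPM present: {0}, ready: {1}' -f $tpm.TpmPresent, $tpm.TpmReady

# 2. Secure Boot state. The cmdlet throws on legacy BIOS (non-UEFI) boots.
try   { 'Secure Boot enabled: {0}' -f (Confirm-SecureBootUEFI -ErrorAction Stop) }
catch { 'Secure Boot: not available in this boot mode' }

# 3. "Use a hardware security device" policy.
#    Assumed backing value: RequireSecurityDevice (DWORD) = 1 under PassportForWork.
$key = 'HKLM:\SOFTWARE\Policies\Microsoft\PassportForWork'
$val = (Get-ItemProperty -Path $key -Name RequireSecurityDevice -ErrorAction SilentlyContinue).RequireSecurityDevice
$policy = if ($val -eq 1) { 'Enabled' } elseif ($val -eq 0) { 'Disabled' } else { 'Not configured' }
"Policy 'Use a hardware security device': $policy"

# 4. Where do the current user's Windows Hello keys live?
#    Assumed certutil field: NgcKeyImplType, 1 = hardware (TPM), 2 = software.
$out  = certutil -csp 'Microsoft Passport Key Storage Provider' -key -v
$hits = $out | Select-String -Pattern 'NgcKeyImplType\s*=\s*(\d+)'
if (-not $hits) {
    # Matches the "Certutil reports nothing" case seen with a local account.
    'Windows Hello keys: none reported for this account'
} else {
    foreach ($h in $hits) {
        $storage = switch ([int]$h.Matches[0].Groups[1].Value) {
            1 { 'hardware (TPM)' } 2 { 'software' } default { 'unknown' }
        }
        "Windows Hello key stored in: $storage"
    }
}
```

As the reply describes, a key already enrolled in software stays there after the policy is enabled; it moves to the TPM only once the Windows Hello container is deleted and a new PIN is created.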