Use this registry change to enable the pincode Windows Hello on a traditional domain without Azure AD or MDM.
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System]
"AllowDomainPINLogon"=dword:00000001
Notice that the a new pincode is registered on the local device only. Each other device will store the pincode locally (It should be possible to use the domain controller as credential provider, but this change will not activate that feature). This registry change will activate the builtin client Windows Hello functionality. It will not activate other enhanced functionality or central management.
Camera functionallity can be activated if the pincode is set first. You need a compatible IR camera to activate this feature.