I’ve seen a lot of instructions online requiring quite a few edits to the domain policy or registry. I have found that it only takes two policy changes to enable this feature in Windows 10.
Using gpedit.msc, navigate to:
Local Computer Policy → Computer Configuration → Administrative Templates →
Windows Components → Windows Hello for Business → Use biometrics (set enabled)
System → Logon → Turn on convenience PIN sign-in (set enabled)
I have found changing these do make the required changes in the registry as well, so no manual registry changes are required.