I've contacted Microsoft support and they said they don't support encryption, which is why I'm posting here.
Basically, what I'm wondering is, if a modern laptop has TPM 2.0 enabled and hardware encryption enabled and then they want to use Windows Hello for their fingerprint, what encryption type is used for that biometric data? XTS-AES 128? 256? Something else? How do we look into or verify this? For BitLocker, there is a dedicated configuration page which allows you to choose what encryption type you want. Nothing for Windows Hello, it seems.
I haven't found this information anywhere, it seems that no one really knows what's going on under the hood.
If it's using SHA-1, that's bad. It should be using SHA-2.
