My understanding with Secure Enclave-backed Platform SSO is that it uses hardware-based tokens to authenticate to Identity Providers (Entra, Okta, etc.). In macOS, you are required to enter your password after reboot regardless of whether or not you have biometrics or allow Apple Watch to unlock your device. Authentication methods have historically included three items: What you know (password/pin)? What do you have (hardware tokens/cards)? Who you are (biometrics)? I am aware that Apple has discussed the feature of Tap To Login, piggybacking off of hardware tokens. Unless this feature is implemented in future releases of macOS 27, I don't see passwordless authentication being available for a while.