The setting authenticatorSelection->authenticatorAttachment = 'cross-platform' in prepareChallengeForRegistration associates the identity with the authenticator device (e.g. Yubikey) rather than the platform (Windows Hello). The former allows the same device to be used on different computers, but only that device can be used. The latter allows any authentication method available (e.g. Windows PIN instead of fingerprint reader) to be used, whichever device was used to register, but only on that one computer.
Ultimately this setting needs to be selected by and explained to the end user, which is problematic. Why can't Windows Hello just try both?