skullgiver,
@skullgiver@popplesburger.hilciferous.nl avatar

Windows Hello isn’t just face ID (though that is where it originated in most consumer laptops). It’s an authentication system that uses the TPM to store credentials, for use with biometric authentication but also password authentication. This is what you’re using if you enable a “PIN” (which accepts letters, thanks Microsoft) to unlock your desktop. Rather than using a simple password, the password is used to unlock a TPM secret, which is then validated. That means it’s nearly impossible to brute force a login screen password without physically altering the device (i.e. opening the chassis and probing the connection between the TPM and the CPU).

It’s also the technology backing WebAuthn/FIDO passkeys that are requested to be stored on-device rather than in an account (the highest level of assurance), similar to how passkeys work on Android and iOS.

I’m not sure if Microsoft implemented all this for TPM 1.2, which most older devices ship with, but there’s a good chance they don’t bother or break support during an update because TPM 2.0 is a requirement for Windows 11.

The mechanism behind it is mostly documented on Microsoft’s developer website.
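An added example, not code from the commenter above or from Microsoft, that checks the facts the comment relies on: whether the machine has a TPM and which spec version it reports, whether Group Policy forces Hello keys onto the TPM, and whether the current user has a Hello (NGC) key enrolled. It assumes Windows 10/11, an elevated PowerShell session, and that the `dsregcmd /status` field names it parses (`NgcSet`, `NgcKeyId`, `TpmProtected`) match the output of the Windows build it runs on.

```powershell
# Added example (not from the original post). Reports TPM state, Hello policy
# and the current user's Hello key enrollment on a Windows 10/11 machine.
# Assumptions: elevated session; TrustedPlatformModule cmdlets and dsregcmd.exe
# are present (both ship with Windows); dsregcmd field names as below.

function Get-DsregValue {
    # Pull one "Name : Value" field out of `dsregcmd /status` output (assumed layout).
    param([string[]]$StatusLines, [string]$Name)
    $line = $StatusLines | Where-Object { $_ -match "^\s*$Name\s*:\s*(.+)$" } | Select-Object -First 1
    if ($line -and $line -match "^\s*$Name\s*:\s*(.+)$") { return $Matches[1].Trim() }
    return $null
}

function Get-HelloTpmState {
    # TPM presence, readiness and anti-hammering (lockout) state.
    $tpm = Get-Tpm

    # Spec version as reported by the WMI provider, e.g. "2.0, 0, 1.38" or "1.2, 2, 3".
    $wmi = Get-CimInstance -Namespace 'root\cimv2\Security\MicrosoftTpm' -ClassName Win32_Tpm -ErrorAction SilentlyContinue
    $specVersion = if ($wmi) { ($wmi.SpecVersion -split ',')[0].Trim() } else { $null }

    # Windows Hello for Business policy values:
    #   Enabled               = 1 -> Hello for Business turned on
    #   RequireSecurityDevice = 1 -> "Use a hardware security device": the key must live in the TPM;
    #                                without it, Hello falls back to a software-protected key when no TPM is usable
    $policy = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Policies\Microsoft\PassportForWork' -ErrorAction SilentlyContinue

    # Per-user enrollment state from dsregcmd: NgcSet = YES means a Hello key exists for this user.
    $status = & dsregcmd.exe /status 2>$null

    [pscustomobject]@{
        TpmPresent            = $tpm.TpmPresent
        TpmReady              = $tpm.TpmReady
        TpmSpecVersion        = $specVersion
        TpmLockedOut          = $tpm.LockedOut
        TpmLockoutCount       = $tpm.LockoutCount
        TpmLockoutMax         = $tpm.LockoutMax
        HelloPolicyEnabled    = $policy.Enabled
        RequireSecurityDevice = $policy.RequireSecurityDevice
        NgcKeyEnrolled        = Get-DsregValue -StatusLines $status -Name 'NgcSet'
        NgcKeyId              = Get-DsregValue -StatusLines $status -Name 'NgcKeyId'
        DeviceKeyTpmProtected = Get-DsregValue -StatusLines $status -Name 'TpmProtected'  # device-join key, not the user key
    }
}

$state = Get-HelloTpmState
$state | Format-List

# The brute-force resistance described in the comment only holds when the key really is in a TPM.
if (-not $state.TpmPresent -or $state.TpmSpecVersion -ne '2.0') {
    Write-Warning "No TPM 2.0 reported; Hello keys may be software-protected on this device."
}
if ($state.RequireSecurityDevice -ne 1) {
    Write-Warning "RequireSecurityDevice is not set; Hello is allowed to fall back to a software key."
}
```

The two warnings are the practical check: a PIN is only as hard to brute-force as the comment claims if the TPM reports spec 2.0, is ready, and policy forbids the software-key fallback; `TpmLockoutCount` against `TpmLockoutMax` shows the anti-hammering counter that makes online guessing impractical.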
