I'm looking to implement windows hello for business key trust modern managed topology with an ADFS server so mitigate the AAD connect sync back to on premise to map the public key to the AD user attribute. Do you know what configurations in ADFS are required for this configuration?