@Jason Friedmann Thank you for reaching out to us.
Yes, the above planning is appropriate; we can surely move away from the on-premises domain controller to Azure Active Directory. However, I'd like to recommend the options below.
OPTION - 1
-> We can use Azure Active Directory and join the devices to Azure Active Directory.
Ref.: https://learn.microsoft.com/en-us/azure/active-directory/devices/concept-azure-ad-join
IMPORTANT - Currently supported operating system -- All Windows 10 devices except Windows 10 Home
-> Once the devices are Azure AD joined, users can sign in to the local systems using the domain credentials. However, we do not have all the functionalities of an on-premises domain environment. Example - GPO, roaming profiles.
-> We can also have a shared "common" account which can be used by multiple users to log in to the shared system with the same credentials.
-> However, the important point here is, if you are using applications that authenticate from AD using NTLM/Kerberos, that will not work with Azure AD as it doesn't support these protocols.
Pricing
OPTION - 2
-> We can deploy Azure Active Directory Domain Services, which has most of the features of an on-premises domain controller.
Pricing
With regard to disabling the Windows Hello for Business PIN, we can achieve that with GPOs.
How to Disable Windows Hello PIN Setup in Windows 10
1. Press the Windows key + R to open the Run dialog, type gpedit.msc and hit Enter to open Local Group Policy Editor. If you’re running Windows 10 Home, Local Group Policy Editor is not available, and you can use other ways to disable Windows 10 PIN login.
2. Navigate to: Computing Configuration / Administrative Templates / Windows Components / Windows Hello for Business. On the right-side pane, double-click on the “Use Windows Hello for Business” policy.
3. Select Disabled. Click Apply and then OK.
4. Reboot your computer to apply the changes.
Please let us know if you have any further queries in regard to the above information. We will be glad to assist you further.
-Sagar
Please "Accept the answer" if the information helped you. This will help us and others in the community as well.
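
A scripted equivalent of the gpedit steps above, added here as an example and not part of the original answer. It assumes the "Use Windows Hello for Business" machine policy is backed by the `Enabled` DWORD under `HKLM\SOFTWARE\Policies\Microsoft\PassportForWork`; the function names `Get-WhfbPolicyState` and `Set-WhfbPolicyDisabled` are hypothetical.

```powershell
# Added example: audit and disable the "Use Windows Hello for Business" machine policy.
# Assumption: the policy is backed by the DWORD value 'Enabled' under the key below.
$PolicyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\PassportForWork'

function Get-WhfbPolicyState {
    # Returns 'NotConfigured', 'Enabled' or 'Disabled' for the machine policy.
    $item = Get-ItemProperty -Path $PolicyKey -Name 'Enabled' -ErrorAction SilentlyContinue
    if ($null -eq $item) { return 'NotConfigured' }
    if ($item.Enabled -eq 0) { return 'Disabled' }
    return 'Enabled'
}

function Set-WhfbPolicyDisabled {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param()

    # Writing under HKLM requires an elevated session.
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)
    if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
        throw 'Run this from an elevated PowerShell session.'
    }

    if ($PSCmdlet.ShouldProcess($PolicyKey, 'Set Enabled = 0')) {
        # Create the policy key if no policy has been written yet.
        if (-not (Test-Path -Path $PolicyKey)) {
            New-Item -Path $PolicyKey -Force | Out-Null
        }
        New-ItemProperty -Path $PolicyKey -Name 'Enabled' -PropertyType DWord -Value 0 -Force | Out-Null
    }
}

# Record the state before and after so the change can be audited per machine.
$before = Get-WhfbPolicyState
Set-WhfbPolicyDisabled
$after = Get-WhfbPolicyState
[pscustomobject]@{ Computer = $env:COMPUTERNAME; Before = $before; After = $after }
```

Call `Set-WhfbPolicyDisabled -WhatIf` to preview the write without making it, and reboot afterwards as in step 4.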