If you've answered "yes" to both of the earlier questions but still don't see the option to use Windows Hello for Business or security keys when accessing Microsoft Entra resources, make sure you've enabled the FIDO2 security key method for the user account in Microsoft Entra ID. To enable this method, follow the directions in Enable FIDO2 security key method.
If a user signs in to the session host with a single-factor credential like username and password, then tries to access a Microsoft Entra resource that requires MFA, they may not be able to use Windows Hello for Business. The user should follow these instructions to authenticate properly:
If the user isn't prompted for a user account, they should first sign out.
On the account selection page, select Use another account.
Next, choose Sign-in options at the bottom of the window.
After that, select Sign in with Windows Hello or a security key. They should see an option to select Windows Hello or security authentication methods.
To troubleshoot issues while creating an Azure Virtual Desktop environment and host pool in an Azure Virtual Desktop environment, see Environment and host pool creation.