But that's my point, though. You have to be completely detached from reality to think that securing the login to the local device means the local device is secure. People aren't going to get busted for this because they lack drive encryption, they're gonna get busted for this because some nice sounding gentleman on their phone is going to get them to give them remote access and have a mainline to every single thing they did for the past month. Or because their partner is going to use their shared password and find out some stuff they shouldn't have or whatever.
That's obvious to anybody who thinks about it for more than two seconds. How could it not be obvious to MS?