Can 'Windows Hello' auth be avoided?

Hey guys,

Hypothetical/paranoid question - I set up bitwarden desktop app on work computer that’s managed by my employer.

If I allow unlocking bitwarden using windows hello, is there any chance that if administrator resets OS password and gets access to the OS that he’d be able to unlock bitwarden without knowing windows hello pin ?