The following documentation indicates:
This feature is disabled for new tenants as of June 8th 2017. Any tenant created after that date won’t have the necessary legacy grant types to use Touch ID.
But the mean reason for this is passwordless case utilizes the grant type, and they are only enabling this legacy flow for accounts who were already using it (i.e. they had gone through development and testing and need to roll into production).
Proper support for TouchID might come in the future (they have not able to provide an ETA right now) but, as of now, they are not enabling the legacy flow for new customers. Part of the reason is that TouchID works great for authenticating the user to the device, but not to a server, so they need to carefully plan a better implementation that works around this in a secure way.
Hope this helps.