I have a local AD Forest that is replicated to an AAD Tenant via AADConnect. All seems OK there, the locals users get replicated up to the Azure AD instance without issue.
I have a Win10 Desktop joined to the local domain, that is running a C# test app using MSAL and calling
app.AcquireTokenByIntegratedWindowsAuth(scopes);
This throws the exception
Microsoft.Identity.Client.MsalClientException
HResult=0x80131500
Message=Integrated Windows Auth is not supported for managed users. See https://aka.ms/msal-net-iwa for details.
From Microsoft's docs here, this exception is thrown under these conditions:
This method relies on a protocol exposed by Active Directory (AD). If a user was created in Azure Active Directory without AD backing ("managed" user), this method will fail. Users created in AD and backed by AAD ("federated" users) can benefit from this non-interactive method of authentication. Mitigation: Use interactive authentication.
But my user isn't a "managed user", it's a user in AAD backed by a user in AD - just as it says is required.
Why am I getting this error if I'm not using a managed user?
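As an added diagnostic (not part of the question or of MSAL itself): before attempting IWA, MSAL.NET performs user-realm discovery for the UPN and only continues when the realm reports account_type "Federated". The script below reproduces that pre-check so an admin can see what the library sees for a given account; the endpoint path, field names and sample responses are assumptions/constructed, not captured from a real tenant.

```python
import json
import urllib.parse
import urllib.request

# Realm-discovery endpoint queried by MSAL before IWA (assumed path/format).
REALM_URL = "https://login.microsoftonline.com/common/userrealm/{upn}?api-version=1.0"


def realm_url(upn: str) -> str:
    """Build the realm-discovery URL, percent-encoding the UPN."""
    return REALM_URL.format(upn=urllib.parse.quote(upn, safe=""))


def classify_realm(realm: dict) -> dict:
    """Interpret a user-realm response the way the IWA pre-check does.

    IWA proceeds only for account_type "Federated"; "Managed" (the value a
    directory-synced account with password hash sync reports) is the case
    that surfaces as the 'not supported for managed users' exception.
    """
    account_type = str(realm.get("account_type", "")).strip()
    return {
        "domain": realm.get("domain_name"),
        "account_type": account_type or "Unknown",
        "iwa_supported": account_type.lower() == "federated",
        "federation_protocol": realm.get("federation_protocol"),
        "federation_metadata_url": realm.get("federation_metadata_url"),
    }


def fetch_realm(upn: str, timeout: float = 10.0) -> dict:
    """Live lookup (needs network); anonymous GET, no credentials are sent."""
    with urllib.request.urlopen(realm_url(upn), timeout=timeout) as resp:
        return json.loads(resp.read().decode("utf-8"))


# Constructed sample responses (hypothetical domains, not real tenants).
SAMPLE_MANAGED = {"ver": "1.0", "account_type": "Managed",
                  "domain_name": "contoso.example"}
SAMPLE_FEDERATED = {"ver": "1.0", "account_type": "Federated",
                    "domain_name": "fabrikam.example",
                    "federation_protocol": "WSTrust",
                    "federation_metadata_url":
                        "https://sts.fabrikam.example/adfs/services/trust/mex"}

if __name__ == "__main__":
    for sample in (SAMPLE_MANAGED, SAMPLE_FEDERATED):
        print(json.dumps(classify_realm(sample), indent=2))
```

Run it against the constructed samples offline, or call fetch_realm("user@yourdomain") to see the live realm for the account that fails.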