Is there a security flaw in Windows PIN?

A lot of us use a "PIN" to sign in to our laptops. All of us like the convenience of just typing in the PIN and having it auto-submit.

Here is the fundamental problem. The auto-submit gives us a hint on how many digits the PIN contains because it submits exactly when you type in the required number of digits.

Say your password has 8 digits. Someone you know can come in and type 8 random digits to find the auto-submit point. Now, once I know it is an 8-digit password, I could make a guided guess that it is your date of birth with the year in 4 digits.

All I am trying to say is that the auto-submit could give major hints on what your password could be. Also, it makes me doubt that Microsoft is using a secure algorithm to store the hash.

A secure hash would technically have the same number of characters for any input. In this case, the information about your password is probably not stored securely, or there are some basic password hints that are stored on the system itself to guide the auto-submit.