So, it appears they've broken the Pre-Auth Risk Policy in 4.4.1

Despite the Rule *not* having "Check User History" enabled and being of User Time of Login Rule, it can't be added to a Pre-Auth Policy