I have to conclude the FIPS-mode enforcement for .NET is broken on Win2016/Win10annivEdition.
The SHA256Managed code, https://referencesource.microsoft.com/#mscorlib/system/security/cryptography/sha256managed.cs,32 reads:
#if FEATURE_CRYPTO
if (CryptoConfig.AllowOnlyFipsAlgorithms)
throw new InvalidOperationException(Environment.GetResourceString("Cryptography_NonCompliantFIPSAlgorithm"));
Contract.EndContractBlock();
#endif // FEATURE_CRYPTO