Can smartcard/Yubikey auth be triggered for all authentication, not just admin?
1 vote, 0 answers, 77 views
I've been working through the various settings & MDM profiles needed to allow & enforce smartcard behaviors in macOS Ventura. I'm seeing a behavior, though, that I'd rather change - specifically, when `enforceSmartcard` is enabled, while the paired smartcard is required for login, if an activity requires authentication after that, macOS defaults to requesting the account password, not the smartcard PIN. It only requests the smartcard PIN if the activity is an admin prompt.
The specific activity where this becomes problematic is with the [Privileges app](https://github.com/SAP/macOS-enterprise-privileges/wiki/Managing-Privileges), which has an MDM configuration flag to `RequireAuthentication`, but the macOS APIs that are available to do that seem to only flag the regular password authentication (specifically [LAContext evaluatePolicy:kLAPolicyDeviceOwnerAuthentication](https://developer.apple.com/documentation/localauthentication/lacontext/1514149-canevaluatepolicy)).
Is there any macOS configuration or command-line tool that does this? I haven't found any appropriate utilities from Yubico, either.
Asked by user51303 (11 rep), Jan 27, 2023, 06:30 PM
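For readers unfamiliar with the two prompt paths the question contrasts, here is an added example (not code from the original post, nor from the Privileges app) that puts them side by side: the LocalAuthentication `LAContext` call with `.deviceOwnerAuthentication`, and an Authorization Services request for a named right, which is how the admin-style dialogs on macOS are produced. The right name `system.privilege.admin` is a real right in the authorization database but is an assumption for this demo; any other right could be substituted. The example makes no claim about which credential the system will ask for under `enforceSmartCard`: that decision is made by the system's policy for the chosen path, which is exactly the behavior the question is asking how to control. It assumes it is compiled with `swiftc` and run from a terminal session on macOS.

```swift
// Added example (not from the original post or the Privileges project).
// Build: swiftc prompts.swift -o prompts
// Run:   ./prompts            (LocalAuthentication path)
//        ./prompts --authz    (Authorization Services path)
import Foundation
import LocalAuthentication
import Security

/// Path 1: LocalAuthentication. The caller asks for "device owner
/// authentication"; the system chooses the credential and UI to present.
/// There is no parameter here to request a smartcard PIN specifically.
func promptViaLocalAuthentication(reason: String) -> Bool {
    let context = LAContext()
    var error: NSError?
    // canEvaluatePolicy is only the pre-check; evaluatePolicy shows the prompt.
    guard context.canEvaluatePolicy(.deviceOwnerAuthentication, error: &error) else {
        print("policy unavailable: \(error?.localizedDescription ?? "unknown error")")
        return false
    }
    let done = DispatchSemaphore(value: 0)
    var granted = false
    context.evaluatePolicy(.deviceOwnerAuthentication, localizedReason: reason) { success, err in
        granted = success
        if let err = err { print("LocalAuthentication failed: \(err.localizedDescription)") }
        done.signal()
    }
    done.wait()   // block the CLI tool until the user answers the prompt
    return granted
}

/// Path 2: Authorization Services. Admin-style dialogs are requests for a
/// named right; how that right is satisfied comes from its rule in the
/// authorization database (inspect it with `security authorizationdb read <right>`).
func promptViaAuthorizationServices(right: String) -> Bool {
    var authRef: AuthorizationRef?
    guard AuthorizationCreate(nil, nil, [], &authRef) == errAuthorizationSuccess,
          let auth = authRef else {
        print("AuthorizationCreate failed")
        return false
    }
    defer { AuthorizationFree(auth, []) }

    // The right name must stay valid for the duration of the call, so keep the
    // C string and the item pointer inside the closures that use them.
    return right.withCString { name -> Bool in
        var item = AuthorizationItem(name: name, valueLength: 0, value: nil, flags: 0)
        return withUnsafeMutablePointer(to: &item) { itemPtr -> Bool in
            var rights = AuthorizationRights(count: 1, items: itemPtr)
            // interactionAllowed lets the system show a dialog; extendRights
            // asks for the right to actually be granted, not just checked.
            let flags: AuthorizationFlags = [.interactionAllowed, .extendRights]
            let status = AuthorizationCopyRights(auth, &rights, nil, flags, nil)
            if status != errAuthorizationSuccess {
                print("authorization for \(right) failed with status \(status)")
            }
            return status == errAuthorizationSuccess
        }
    }
}

let useAuthz = CommandLine.arguments.contains("--authz")
let granted = useAuthz
    ? promptViaAuthorizationServices(right: "system.privilege.admin")   // assumed right name
    : promptViaLocalAuthentication(reason: "Demonstrate the LAContext prompt")
print(granted ? "granted" : "denied")
```

Running the two modes on a machine with a smartcard enforcement profile installed is a quick way to see which credential each path requests; comparing the output of `security authorizationdb read system.privilege.admin` before and after the profile is applied shows where the admin path's rule comes from, whereas the LocalAuthentication path has no such rule to inspect.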