Not something I've generally seen. However, since Bastion only accepts Password or Key Vault, you'd have to explore the KV route. To do so, you'd need an HSM (Hardware Security Module) to generate the keys, then upload those keys into the Key Vault (opting for Customer-Managed Keys, instead of Azure-Managed Keys), then from there you could pass the keys to the session and authenticate with a smart card (in theory).
Has anyone successfully configured Azure Bastion to allow smartcard passthrough (from user's endpoint to an Azure virtual machine) so certificates on said smartcard(s) are accessible at the VM level? If so, please share what you did to enable the functionality. I've mapped out the steps to replicate the issue below. Bullet 8 below is the issue.
NOTE: Azure RDP/SSH are not options in my use case. Only Azure Bastion is. We have users that need to be able to use their smartcards for authentication once they're already logged into their VMs via username/password.
1) Log into the Azure Portal
2) Choose the subscription
3) Choose Virtual Machines
4) Choose Connect
5) Choose Bastion
6) Authenticate with username and password
7) Log into the VM
8) Smartcards connected to the user's physical system (laptop/desktop) are not available/accessible at the Azure VM level when accessed via Azure Bastion