You have to write a dll. It's not that big of a deal. That being said, I doubt there's much benefit to it when everything is said and done. (From a windows client perspective.)
"Not that big of a deal." you say? Then why is the documentation how to do this very sparse, and only for Win10? And if it's not a big deal, why is YubiKey making such a big deal?
Well, because in the Windows world, switching in/out authentication subsystems is a arduous task surmountable by primarily Microsoft.
And what would that be good for? Well, simply put would be a nice addition to a Windows Terminal Server. Turn a Windows TS into a proper bastion that requires 2fa. Us Linux admins have that with PAM. Sure would be nice to do the same for Windows. But right now, Windows is grossly deficient.
