Hello,
Thank you for your update.
Based on my research, we know the following:
1. Ticking the ‘Smart Card is required for interactive logon’ checkbox for a user resets the password for that user to a random complex password that is unknown to anyone, and the UserAccountControl attribute of the user gets the flag SMARTCARD_REQUIRED added to it.
2. In addition to this, the DONT_EXPIRE_PASSWORD flag on the account is set so that the user’s password never expires. The GINA or LogonUI components on the client check for the presence of the SMARTCARD_REQUIRED flag during an interactive logon (console or RDP) and reject the logon if it isn’t made with a smartcard when it is set for the user.
We can try the possible method in the following link.
Expire Passwords On Smart Card Only Accounts
https://secureidentity.se/expire-passwords-on-smart-card-only-accounts/
References
Enforcing smart card authentication
https://docs.centrify.com/Content/zint-linux-smartcd/AuthEnforce.htm
Requiring Smart Cards for Interactive Logons
https://www.itprotoday.com/security/requiring-smart-cards-interactive-logons
Similar case.
Require smart card for interactive logon random password
https://social.technet.microsoft.com/Forums/windowsserver/en-US/b29595f4-f8c2-47c7-8ad9-d15f747a5462/require-smart-card-for-interactive-logon-random-password?forum=winserversecurity
Best Regards,
Daisy Zhou
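
An added example, not part of the original reply: a PowerShell check that decodes the two userAccountControl flags named above and reports how old the password is on smart-card-only accounts. The function name `Get-SmartCardPasswordAge`, the 90-day threshold and the sample records are assumptions made for illustration.

```powershell
# userAccountControl bit values as documented by Microsoft.
$SMARTCARD_REQUIRED   = 0x40000   # 262144
$DONT_EXPIRE_PASSWORD = 0x10000   # 65536

# Hypothetical helper: reports password age for accounts that require a smart card.
function Get-SmartCardPasswordAge {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)] $Account,
        [int] $MaxAgeDays = 90,            # assumed review threshold
        [datetime] $Now = (Get-Date)
    )
    process {
        $uac = [int]$Account.userAccountControl
        # Skip accounts that do not carry SMARTCARD_REQUIRED.
        if (($uac -band $SMARTCARD_REQUIRED) -eq 0) { return }

        # pwdLastSet is a FILETIME (100 ns ticks since 1601, UTC); 0 means never set.
        $ticks = [int64]$Account.pwdLastSet
        $lastSet = $null
        $age = $null
        if ($ticks -gt 0) {
            $lastSet = [datetime]::FromFileTimeUtc($ticks)
            $age = [int]($Now.ToUniversalTime() - $lastSet).TotalDays
        }
        [pscustomobject]@{
            Name               = $Account.Name
            DontExpirePassword = [bool]($uac -band $DONT_EXPIRE_PASSWORD)
            PasswordLastSetUtc = $lastSet
            AgeDays            = $age
            NeedsReview        = ($null -eq $age) -or ($age -gt $MaxAgeDays)
        }
    }
}

# Constructed sample records (not real accounts).
$old = ([datetime]'2019-01-15').ToFileTimeUtc()
$sample = @(
    [pscustomobject]@{ Name = 'alice'; userAccountControl = 328192; pwdLastSet = $old }  # 0x200 + both flags
    [pscustomobject]@{ Name = 'bob';   userAccountControl = 512;    pwdLastSet = $old }  # no smart card flag
)
$sample | Get-SmartCardPasswordAge | Format-Table -AutoSize

# Against a live directory (ActiveDirectory module), the same function can be fed with:
# Get-ADUser -LDAPFilter '(userAccountControl:1.2.840.113556.1.4.803:=262144)' `
#     -Properties userAccountControl, pwdLastSet | Get-SmartCardPasswordAge
```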