Vault as Root CA -> Windows as Subordinate CA

I’m searching for this quite a while but could not find any reference for our planned use case.
We currently have a Vault OSS configured with PKI engine. Vault acts as Root CA and a subordinate CA (issuing CA).
The system includes automated processes for signing TLS certificated based on the above chain.
We would like to add Smart cards as 2FA (on-prem, no internet at all) to our clients PCs
can i create a windows based CA - subordinate CA using my existing Vault which acts as the Root CA of the system ?
in case i can, how ?

thanks !