Sultan

Reputation: 1

Checking for configured biometric Windows Hello methods programmatically?

I am writing an application in PowerShell which shortly has the function of enabling / disabling credential providers for end users without requiring elevation. There’s a service in the background that does all the changes.

I want the application to be intuitive enough where only the credential providers that are in use or configured will appear for the end user to be able to toggle.

The standard credential providers are fine, however my issue is Windows Hello for Business methods. Specifically, detecting if the biometric methods are configured (face recognition or touchid for example).

What would be a way to detect this programmatically? I have done a good amount of research and have not found anything other than being able to check if the user is enrolled, which is fine.

I have also found methods for checking if the machine is capable of biometry (WMI). However, nothing for checking if the actual method is in use. Windows has posted the credential provider GUIDs, however there is little to no information in the registry except for in the PIN provider, which isn’t an issue.

Is there some sort of log that shows the last credential provider used, or credential providers linked / used with the user SID?

Maybe there is a method using MgGraph, I’d be open to that - I’ve found some cmdlets but they do not provide the information I am looking for.

Maybe an event log?

Any ideas?

I’ve tried using MgGraph cmdlets, and modifying a script which detected Windows Hello enrollment by checking if the PIN credential provider is in use. Tried replacing it with the face recognition credential provider GUID to no avail. Tried going through multiple event logs, even the Hello for Business event log - to no avail.

Upvotes: 0

Views: 1007

Answers (0)
