TL;DR of a very useful readme from https://gist.github.com/asheroto/80d5f85e90d92e7f8e40e9d1a3dea7ad:
export USER_AT_HOST="host-to-ssh"
export PUBKEYPATH="$HOME/.ssh/id_rsa.pub"
ssh $USER_AT_HOST "powershell New-Item -Force -ItemType Directory -Path \"\$HOME\\.ssh\"; Add-Content -Force -Path \"\\programdata\\ssh\\administrators_authorized_keys\" -Value '$(tr -d '\n\r' < "$PUBKEYPATH")'"
$ak = "$ENV:ProgramData\ssh\administrators_authorized_keys"
$acl = Get-Acl $ak
$acl.SetAccessRuleProtection($true, $false)
$administratorsRule = New-Object system.security.accesscontrol.filesystemaccessrule("Administrators","FullControl","Allow")
$systemRule = New-Object system.security.accesscontrol.filesystemaccessrule("SYSTEM","FullControl","Allow")
$acl.SetAccessRule($administratorsRule)
$acl.SetAccessRule($systemRule)
$acl | Set-Acl
Get-Acl "$ENV:ProgramData\ssh\administrators_authorized_keys" | Format-List