Update nist-authenticator-assurance-level-1.md

Author: KeithBrewer-MSFT

articles/active-directory/standards/nist-authenticator-assurance-level-1.md

@@ -28,16 +28,20 @@ Before you begin authenticator assurance level 1 (AAL1), you can review the foll
 
 ## Permitted authenticator types
 
-To achieve AAL1, you can use any NIST single-factor or multifactor [permitted authenticator](nist-authenticator-types.md). Note that Password and Phone (SMS) are not covered in [AAL2](nist-authenticator-assurance-level-2.md) or [AAL3](nist-authenticator-assurance-level-2.md).
+To achieve AAL1, you can use any NIST single-factor or multifactor [permitted authenticator](nist-authenticator-types.md). 
 
 |Azure AD authentication method|NIST authenticator type |
 | - | - |
-|Password |memorized secret |
-|Phone (SMS)|out-of-band |
-|FIDO 2 security key <br> Microsoft Authenticator app for iOS (passwordless) <br> Windows Hello for Business with software TPM <br> Smartcard (Active Directory Federation Services) | Multi-factor crypto software |
+|Password |Memorized Secret |
+|Phone (SMS): Not recommended | Out-of-band |
+|Microsoft Authenticator App for iOS (Passwordless) <br> Microsoft Authenticator App for Android (Passwordless)|Multi-factor Out-of-band |
+|Single-factor certificate | Single-factor crypto software |
+|Multi-factor Software Certificate (PIN Protected) <br> Windows Hello for Business with software TPM <br> | Multi-factor crypto software | 
+|Windows Hello for Business with hardware TPM <br> Hardware protected certificate (smartcard/security key/TPM) <br> FIDO 2 security key | Multi-factor crypto hardware
+
 
 > [!TIP]
-> We recommend you meet at least AAL2. If necessary, meet AAL3 for business reasons, industry standards, or compliance requirements.
+> We recommend you select at a minimum phishing resistant AAL2 authneticators. Select AAL3 authenticators as necessary for business reasons, industry standards, or compliance requirements.
 
 ## FIPS 140 validation