Update concept-primary-refresh-token.md

Author: MicrosoftGuyJFlo

articles/active-directory/devices/concept-primary-refresh-token.md

@@ -112,6 +112,7 @@ A PRT can get a multi-factor authentication (MFA) claim in specific scenarios. W
    * In this case, the MFA claim is not updated continuously, so the MFA duration is based on the lifetime set on the directory.
 * **MFA during device registration**: If an admin has configured their device settings in Azure AD to [require MFA to register devices](device-management-azure-portal.md#configure-device-settings), the user needs to do MFA to complete the registration. During this process, the PRT that is issued to the user has the MFA claim obtained during the registration. This capability only applies to the user who did the join operation, not to other users who sign in to that device.
    * Similar to the WAM interactive sign in, the MFA claim is not updated continuously, so the MFA duration is based on the lifetime set on the directory.
+
 Windows 10 maintains a partitioned list of PRTs for each credential. So, there’s a PRT for each of Windows Hello for Business, password, or smartcard. This partitioning ensures that MFA claims are isolated based on the credential used, and not mixed up during token requests.
 
 ## How is a PRT invalidated?