Merge pull request #225137 from vimrang/patch-7

Update concept-certificate-based-authentication-technical-deep-dive.md

Author: prmerger-automator[bot]

articles/active-directory/authentication/concept-certificate-based-authentication-technical-deep-dive.md

@@ -75,9 +75,18 @@ Now we'll walk through each step:
 ## Single-factor certificate-based authentication
 
 Azure AD CBA supports second factors to meet MFA requirements with single-factor certificates. Users can use either passwordless sign-in or FIDO2 security keys as second factors when the first factor is single-factor CBA. Users need to register passwordless sign-in or FIDO2 in advance to signing in with Azure AD CBA.
+
+** Steps to set up passwordless phone signin(PSI) with CBA
+
 For passwordless sign-in to work, users should disable legacy notification through mobile app.
 
-1. Sign in to the Azure portal.
+1. Sign in to the [Azure portal](https://portal.azure.com).
+
+1. Follow the steps at [Enable passwordless phone sign-in authentication](../authentication/howto-authentication-passwordless-phone.md#enable-passwordless-phone-sign-in-authentication-methods)
+
+>[!IMPORTANT]
+>In the above configuration under step 4, please choose **Passwordless** option. Change the mode for each groups added for PSI for **Authentication mode**, choose  **Passwordless** for passwordless sign-in to work with CBA.
+
 1. Select **Azure Active Directory** > **Security** > **Multifactor authentication** > **Additional cloud-based multifactor authentication settings**.
 
    :::image type="content" border="true" source="./media/concept-certificate-based-authentication-technical-deep-dive/configure.png" alt-text="Screenshot of how to configure multifactor authentication settings.":::