Update concept-certificate-based-authentication-technical-deep-dive.md

Author: vimrang

articles/active-directory/authentication/concept-certificate-based-authentication-technical-deep-dive.md

@@ -115,7 +115,7 @@ For passwordless sign-in to work, users should disable legacy notification throu
 1. Follow the steps at [Enable passwordless phone sign-in authentication](../authentication/howto-authentication-passwordless-phone.md#enable-passwordless-phone-sign-in-authentication-methods)
 
    >[!IMPORTANT]
-   >In the above configuration under step 4, please choose **Passwordless** option. Change the mode for each groups added for PSI for **Authentication mode**, choose      **Passwordless** for passwordless sign-in to work with CBA.
+   >In the above configuration under step 4, please choose **Passwordless** option. Change the mode for each groups added for PSI for **Authentication mode**, choose      **Passwordless** for passwordless sign-in to work with CBA. If the admin configures "Any", the user can use either push or passwordless. If passwordless is preferred over push but still wants to allow push, admin can still choose "Any" but configure system preferred MFA or configure authentication strengths. 
 
 1. Select **Azure Active Directory** > **Security** > **Multifactor authentication** > **Additional cloud-based multifactor authentication settings**.