This feature enables organisations with existing smart card & public-key-infrastructure (PKI) deployments to authenticate to Azure AD without a federated server.