As you are probably aware, Azure AD now supports certificate-based authentication (in preview – see https://t.co/b09Hn1AXum).
Certificate-based authentication has now been improved with the ability to use a certificate to authenticate at Windows logon and with easier management of root certificates.
To use a certificate (on a smart card) during Windows logon, you need Windows 11 22H2 (which will be released later this year). The authentication will work with both Azure AD Joined and Hybrid Joined devices.
In addition, Android and iOS devices can now also use certificates to authenticate against Microsoft Cloud services such as Azure Information Protection, Company Portal, Teams, Office and Outlook (list not exhaustive).
Finally, the management of the certification authority certificates has been simplified and moved to the Security blade of Azure AD (Azure Active Directory\Security\Certificate Authorities).