diff --git a/windows/keep-secure/assign-portal-access-windows-defender-advanced-threat-protection.md b/windows/keep-secure/assign-portal-access-windows-defender-advanced-threat-protection.md index 19fd937e07..ad6dfa190d 100644 --- a/windows/keep-secure/assign-portal-access-windows-defender-advanced-threat-protection.md +++ b/windows/keep-secure/assign-portal-access-windows-defender-advanced-threat-protection.md @@ -21,26 +21,24 @@ author: mjcaparas - Office 365 - Windows Defender Advanced Threat Protection (Windows Defender ATP) -Windows Defender ATP users and access permissions are managed in Azure Active Directory (AAD). User can be assigned one of the following levels of permissions: +Windows Defender ATP users and access permissions are managed in Azure Active Directory (AAD). You can assign users with one of the following levels of permissions: - Full access (Read and Write) - Read only access -**Full access**
-Users with full access can log in, view all system information and resolve alerts, submit files for deep analysis, and download the onboarding package. -Assigning full access rights requires adding the users to the “Security Administrator” or “Global Administrator” AAD built-in roles. -**Read only access**
-Users with read only access can log in, view all alerts, and related information. -They will not be able to change alert states, submit files for deep analysis or perform any state changing operations. -Assigning read only access rights requires adding the users to the “Security Reader” AAD built-in role. - - - -Use the following cmdlets to perform the security role assignment: - -- Full access:
```Add-MsolRoleMember -RoleName "Security Reader" -RoleMemberEmailAddress “reader@Contoso.onmicrosoft.com”``` -- Read only access:
```Add-MsolRoleMember -RoleName "Security Administrator" -RoleMemberEmailAddress "secadmin@Contoso.onmicrosoft.com"``` +Use the following steps to assign security roles: +- Preparations: + - Install Azure PowerShell. For more information see, [How to install and configure Azure PowerShell](https://azure.microsoft.com/en-us/documentation/articles/powershell-install-configure/). + > [!NOTE] + > You need to run the PowerShell cmdlets in an elevated command-line. +- Connect to your Azure Active Directory. For more information see, [Connect-MsolService](https://msdn.microsoft.com/en-us/library/dn194123.aspx). +- For **read and write** access, assign users to the security administrator role by using the following command: +```text +Add-MsolRoleMember -RoleName "Security Administrator" -RoleMemberEmailAddress "secadmin@Contoso.onmicrosoft.com" +``` +- For **read only** access, assign users to the security reader role by using the following command: +```text +Add-MsolRoleMember -RoleName "Security Reader" -RoleMemberEmailAddress “reader@Contoso.onmicrosoft.com” +``` For more information see, [Manage Azure AD group and role membership](https://technet.microsoft.com/en-us/library/321d532e-407d-4e29-a00a-8afbe23008dd#BKMK_ManageGroups).
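Review bot: The removed "Full access" and "Read only access" paragraphs were the only place that said what each level permits (resolving alerts, submitting files for deep analysis and downloading the onboarding package, versus viewing alerts without changing their state), and that the "Global Administrator" role also grants full access; the added step list keeps none of this. Suggest keeping a one-line description under each of the two permission bullets at the top of the hunk, and mentioning Global Administrator next to the Security Administrator step, so an administrator knows what is being granted before running Add-MsolRoleMember. In the added read only command the address is wrapped in typographic quotes (“reader@Contoso.onmicrosoft.com”) while the Security Administrator command uses straight quotes; use straight quotes in both so the two commands are consistent when copied.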