From a3fc0b136131263b07854826428a9a4e2c3e0d4d Mon Sep 17 00:00:00 2001
From: jcaparas <macapara@microsoft.com>
Date: Tue, 2 Aug 2016 03:32:04 +1000
Subject: [PATCH] Revert some info back

---
 ...-access-windows-defender-advanced-threat-protection.md | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/windows/keep-secure/assign-portal-access-windows-defender-advanced-threat-protection.md b/windows/keep-secure/assign-portal-access-windows-defender-advanced-threat-protection.md
index ad6dfa190d..a5f9685302 100644
--- a/windows/keep-secure/assign-portal-access-windows-defender-advanced-threat-protection.md
+++ b/windows/keep-secure/assign-portal-access-windows-defender-advanced-threat-protection.md
@@ -25,6 +25,14 @@ Windows Defender ATP users and access permissions are managed in Azure Active Di
 - Full access (Read and Write)
 - Read only access
 
+**Full access** <br>
+Users with full access can log in, view all system information and resolve alerts, submit files for deep analysis, and download the onboarding package.
+Assigning full access rights requires adding the users to the “Security Administrator” or “Global Administrator” AAD built-in roles.
+
+**Read only access** <br>
+Users with read only access can log in, view all alerts, and related information. 
+They will not be able to change alert states, submit files for deep analysis or perform any state changing operations.
+Assigning read only access rights requires adding the users to the “Security Reader” AAD built-in role.
 
 Use the following steps to assign security roles:
 - Preparations: