From b90e3392d1d6a74df6eaaa1ba8dfa9b932841aed Mon Sep 17 00:00:00 2001 From: JesseEsquivel <33558203+JesseEsquivel@users.noreply.github.com> Date: Thu, 3 Sep 2020 14:27:15 -0400 Subject: [PATCH] Update RBAC for file downloads Different RBAC roles are required for downloading PE vs non-PE files. Removed periods from bullet items as some had periods and some didn't. --- .../microsoft-defender-atp/user-roles.md | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/user-roles.md b/windows/security/threat-protection/microsoft-defender-atp/user-roles.md index 4514bd1e98..14ddebf85f 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/user-roles.md +++ b/windows/security/threat-protection/microsoft-defender-atp/user-roles.md
@@ -60,21 +60,22 @@ The following steps guide you on how to create roles in Microsoft Defender Secur - **Threat and vulnerability management - Exception handling** - Create new exceptions and manage active exceptions - **Threat and vulnerability management - Remediation handling** - Submit new remediation requests, create tickets, and manage existing remediation activities -- **Alerts investigation** - Manage alerts, initiate automated investigations, run scans, collect investigation packages, manage device tags. +- **Alerts investigation** - Manage alerts, initiate automated investigations, run scans, collect investigation packages, manage device tags, and download only portable executable (PE) files -- **Manage portal system settings** - Configure storage settings, SIEM and threat intel API settings (applies globally), advanced settings, automated file uploads, roles and device groups. +- **Manage portal system settings** - Configure storage settings, SIEM and threat intel API settings (applies globally), advanced settings, automated file uploads, roles and device groups > [!NOTE] > This setting is only available in the Microsoft Defender ATP administrator (default) role. -- **Manage security settings in Security Center** - Configure alert suppression settings, manage folder exclusions for automation, onboard and offboard devices, and manage email notifications, manage evaluation lab. 
+- **Manage security settings in Security Center** - Configure alert suppression settings, manage folder exclusions for automation, onboard and offboard devices, and manage email notifications, manage evaluation lab - **Live response capabilities** - **Basic** commands: - Start a live response session - Perform read only live response commands on remote device (excluding file copy and execution - **Advanced** commands: - - Download a file from the remote device + - Download a file from the remote device via live response + - Download PE and non-PE files from the file page - Upload a file to the remote device - View a script from the files library - Execute a script on the remote device from the files library
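Review bot: In the **Alerts investigation** bullet, "download only portable executable (PE) files" does not say where permission for non-PE downloads comes from, and the matching line under **Live response capabilities**, **Advanced** ("Download PE and non-PE files from the file page") is far enough away that someone assigning roles can miss the link. Suggest wording the first as "download portable executable (PE) files only (non-PE files require Live response capabilities - Advanced)". The least-privilege consequence also deserves an explicit sentence: as listed here, the permission that allows non-PE downloads from the file page is the same one that allows uploading files to the remote device and executing scripts on it, so an analyst who only needs to retrieve non-PE files receives those capabilities as well. While punctuation is being normalized, the unchanged context line "Perform read only live response commands on remote device (excluding file copy and execution" is missing its closing parenthesis, and "and manage email notifications, manage evaluation lab" places the "and" before the second-to-last item rather than the last.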