diff --git a/docs/getting-started/defend-feature-privs.asciidoc b/docs/getting-started/defend-feature-privs.asciidoc
index 9abfed2f32..35b341f3d3 100644
--- a/docs/getting-started/defend-feature-privs.asciidoc
+++ b/docs/getting-started/defend-feature-privs.asciidoc
@@ -12,7 +12,11 @@ To configure roles and privileges, find **Roles** in the navigation menu or by u
 
 NOTE: {elastic-defend}'s feature privileges must be assigned to *All Spaces*. You can't assign them to an individual space. 
 
-To grant access, select *All* for the *Security* feature in the *{kib} privileges* configuration UI, then turn on the *Customize sub-feature privileges* switch. For each of the following sub-feature privileges, select the type of access you want to allow:
+To grant access, select *All* for the *Security* feature in the *Assign role to space* configuration UI, then turn on the *Customize sub-feature privileges* switch. 
+
+IMPORTANT: Selecting **All** for the overall **Security** feature does NOT enable any sub-features. You must also enable the **Customize sub-feature privileges** switch, and then enable each sub-feature privilege individually.
+
+For each of the following sub-feature privileges, select the type of access you want to allow:
 
 * *All*: Users have full access to the feature, which includes performing all available actions and managing configuration.
 * *Read*: Users can view the feature, but can't perform any actions or manage configuration (some features don't have this privilege).