Commit 809872c

Update roles-custom-overview.md
Adjusted opening paragraph a bit.
1 parent 0df6c2f commit 809872c

1 file changed

+5
-3
lines changed

articles/active-directory/users-groups-roles/roles-custom-overview.md

Lines changed: 5 additions & 3 deletions
@@ -18,9 +18,11 @@ ms.collection: M365-identity-device-management
1818

1919
# Custom administrator roles in Azure Active Directory (preview)
2020

21-
This article describes how to understand the new custom roles in Azure Active Directory (Azure AD). Azure AD allows you to assign administrative privileges restricted to a customized Azure AD resource scope. Custom roles such as these are part of a preview release of the Azure AD role-based access control model. [Built-in roles](directory-assign-admin-roles.md) provide an adequate granularity for many situations, but when you want more fine-grained permissions, you can create custom roles to reduce the scope of control for the role to the level of a single Azure AD resource.
21+
This article describes how to understand the new custom RBAC (roles-based access control) and resource scopes in Azure Active Directory (Azure AD). Custom RBAC roles surfaces the underlying permissions of the [built-in roles](directory-assign-admin-roles.md) , so you can create and organize your own custom roles. Resource scopes gives you a way to assign the custom role to manage some resources (e.g. one application) without giving access to all resources (all applications).
2222

23-
The preview release of Azure AD role-based access control exposes two scopes: an organization-wide scope (allowing the permitted actions for all Azure AD resources in the organization) and a custom scope, with permissions restricted to application registrations. In this custom role, you can edit app registration permissions. Over time, additional permissions for organization resources like enterprise applications, users, and devices will be added.
23+
Granting permission using custom RBAC roles is a two-step process. First, you create a custom role definition and add permissions to it from the preset list. These are the same permissions used in the built-in roles. Once you’ve created your role, you assign it to someone by creating a role assignment. This two-step process allows you to create one role and assign it many times at different scopes. A custom role can be assigned at directory scope, or it can be assigned at an object scope. An example of an object scope would be a single application. This way the same role can be assigned to Sally over all applications in the directory and then Naveen over just the Contoso Expense Reports app.
24+
25+
This first release of custom RBAC roles includes the ability to create a role to assign permissions for managing app registrations. Over time, additional permissions for organization resources like enterprise applications, users, and devices will be added.
2426

2527
Preview features:
2628
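Review bot: In the added line 21, "RBAC (roles-based access control)" should expand to "role-based access control", the form the removed line 21 used. The same line has two agreement errors ("Custom RBAC roles surfaces", "Resource scopes gives") and a stray space before the comma after the built-in roles link. The added lines also call the scopes "directory scope" and "object scope" where the removed line 23 said "organization-wide scope" and "custom scope"; check that the new terms match the later section that begins "A scope is the restriction of permitted actions", or update both in the same change. Because the Sally example shows a directory-scope assignment reaching all applications, a short sentence after the Naveen example advising object scope when one application is enough would make the least-privilege intent explicit.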

@@ -75,4 +77,4 @@ A scope is the restriction of permitted actions on a particular Azure AD resourc
7577
## Next steps
7678

7779
- Create custom role assignments using [the Azure portal, Azure AD PowerShell, and Graph API](roles-create-custom.md)
78-
- [View the assignments for a custom role](roles-view-assignments.md#view-the-assignments-of-a-role-with-single-application-scope-using-the-azure-ad-portal-preview)
80+
- [View the assignments for a custom role](roles-view-assignments.md#view-the-assignments-of-a-role-with-single-application-scope-using-the-azure-ad-portal-preview)
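Review bot: The replaced "View the assignments for a custom role" bullet (old line 78, new line 80) is identical in the visible text, so this looks like a whitespace or end-of-file newline change only. Confirm it is intentional, and mention it in the commit message, which currently describes only the opening paragraph adjustment.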
