Merge pull request #90552 from abhijeetsinha/patch-20

PRMerger14 · web-flow · commit b2fab1e40494 · 2019-10-03T14:31:04.000-07:00
Update directory-assign-admin-roles.md
diff --git a/articles/active-directory/users-groups-roles/directory-assign-admin-roles.md b/articles/active-directory/users-groups-roles/directory-assign-admin-roles.md
@@ -166,7 +166,10 @@ This role is available for assignment only as an additional local administrator
 
 ### [Directory Readers](#directory-readers-permissions)
 
-This is a role that should be assigned only to legacy applications that do not support the [Consent Framework](../develop/quickstart-v1-integrate-apps-with-azure-ad.md). Don't assign it to users.
+Users in this role can read basic directory information. This role should be used for:
+* Granting a specific set of guest users read access instead of granting it to all guest users.
+* Granting a specific set of non-admin users access to Azure Portal when “Restrict access to Azure AD portal to admins only” is set to “Yes”.
+* Granting service principals access to directory where Directory.Read.All is not an option.
 
 ### [Directory Synchronization Accounts](#directory-synchronization-accounts-permissions)
 
