diff --git a/09-AzureDevOps(VSTS)-Security/Readme.md b/09-AzureDevOps(VSTS)-Security/Readme.md index 8213a3f2..900d5e5a 100644 --- a/09-AzureDevOps(VSTS)-Security/Readme.md +++ b/09-AzureDevOps(VSTS)-Security/Readme.md @@ -75,7 +75,7 @@ An Azure-based continuous assurance scanning solution for ADO can be setup in su In this section, we will walk through the steps of setting up a Azure DevOps Organization for Continuous Assurance coverage in a subscription. To get started, we need the following: -1. The user setting up Continuous Assurance needs to have 'Owner' access to the subscription. +1. The user setting up Continuous Assurance needs to have 'Owner' access to the subscription or 'Owner' access to the resource group where Continuous assurance will be setup. 2. Target Log Analytics WorkspaceID* and SharedKey. (The Log Analytics workspace can be in a different subscription, see note below) @@ -230,7 +230,7 @@ Command: Get-AzSKADOContinuousAssurance -SubscriptionId ` -OrganizationName ` [-ResourceGroupName ] ` - [-FunctionAppName ] + [-RsrcTimeStamp ] ``` 
@@ -587,10 +587,23 @@ Get-AzSKADOSecurityStatus -OrganizationName "" -ProjectNames " Allowing scan for more then 1000 resources can be configured through the organization policy by updating 'IsAllowLongRunningSca'n and 'LongRunningScanCheckPoint' properties in the ControlSettings.json file. If 'IsAllowLongRunningScan' is set to true, then by using '-AllowLongRunningScan' switch parameter, AzSK.ADO allows scan for resources count which is set in 'LongRunningScanCheckPoint'. If 'IsAllowLongRunningScan' value is set to false it does not allow scan for more then resources count set in 'LongRunningScanCheckPoint'. +### Execute SVTs using "-DetailedScan" switch + +A special flag -DetailedScan in the scan command which can be used to tell the scanner to query and display richer information when evaluating certain controls. This is “off by default” and helps us scan RBAC controls at scale by avoiding API calls that can be deferred to a fix stage. +```PowerShell +Get-AzSKADOSecurityStatus -OrganizationName "" -ScanAllArtifacts -DetailedScan +``` +Detailed information is also generated when -ControlIds or -ControlsToAttest flag is used. At present, the following controls support this flag: +- ADO_Build_AuthZ_Grant_Min_RBAC_Access +- ADO_Release_AuthZ_Grant_Min_RBAC_Access +- ADO_Organization_AuthZ_Justify_Guest_Identities + ### Execute SVTs using "-UsePartialCommits" switch The Get-AzSKADOSecurityStatus command now supports checkpointing via a "-UsePartialCommits" switch. When this switch is used, the command periodically persists scan progress to disk. That way, if the scan is interrupted or an error occurs, a future retry can resume from the last saved state. This capability also helps in Continuous Assurance scans if scan gets suspended due to any unforeseen reason.The cmdlet below checks security control state via a "-UsePartialCommits" switch: +```PowerShell Get-AzSKADOSecurityStatus-OrganizationName "" -ScanAllArtifacts -UsePartialCommits +``` # Control Attestation
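Review bot: in the first hunk (@@ -75), the new wording for item 1 leaves it unclear whether the resource group must already exist before the setup command is run, and whether 'Owner' on that resource group is sufficient on its own or some subscription-level permission is still needed for parts of the setup; state the precondition explicitly so a reader choosing the least-privileged option does not discover the gap mid-setup. Also match the capitalisation and spelling used in the surrounding text: "... or 'Owner' access to the resource group where Continuous Assurance will be set up."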
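Review bot: in the second hunk (@@ -230), replacing `[-FunctionAppName ]` with `[-RsrcTimeStamp ]` in the Get-AzSKADOContinuousAssurance syntax block is undocumented: nothing in the change says what RsrcTimeStamp is, what format it takes, or where a user obtains the value, and nothing says whether -FunctionAppName was removed from the cmdlet (which would break existing scripts that pass it) or only dropped from the listing. Add a parameter description alongside the others and, if -FunctionAppName still works, keep it in the syntax or mark it deprecated. Minor: the abbreviation 'Rsrc' is inconsistent with the fully spelled parameter names around it (SubscriptionId, OrganizationName, ResourceGroupName).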
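Review bot: in the third hunk (@@ -587), the command that is now wrapped in a ```PowerShell fence, `Get-AzSKADOSecurityStatus-OrganizationName "" -ScanAllArtifacts -UsePartialCommits`, is missing the space between the cmdlet name and -OrganizationName, so it fails as soon as someone copies it; while fencing it, correct it to `Get-AzSKADOSecurityStatus -OrganizationName "" -ScanAllArtifacts -UsePartialCommits` and fix the missing space in "reason.The cmdlet" on the line above. In the new -DetailedScan section, the opening sentence is a fragment ("A special flag -DetailedScan in the scan command which can be used to ...") and the next sentence is ambiguous about which mode skips the API calls; suggest: "The -DetailedScan switch tells the scanner to query and display richer information when evaluating certain controls. It is off by default, which keeps RBAC control scans cheap at scale by skipping API calls that can be deferred to the fix stage." The sentence about -ControlIds and -ControlsToAttest should say plainly that detailed mode is implied when either of those parameters is used, so readers know they do not also need -DetailedScan. Since the nearby context line is being touched anyway, the misplaced quote in "'IsAllowLongRunningSca'n" could be corrected to "'IsAllowLongRunningScan'" in the same change.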