diff --git a/specification/containerservice/resource-manager/Microsoft.ContainerService/aks/preview/2024-05-02-preview/managedClusters.json b/specification/containerservice/resource-manager/Microsoft.ContainerService/aks/preview/2024-05-02-preview/managedClusters.json
index d8f4e7599018..97d66937b363 100644
--- a/specification/containerservice/resource-manager/Microsoft.ContainerService/aks/preview/2024-05-02-preview/managedClusters.json
+++ b/specification/containerservice/resource-manager/Microsoft.ContainerService/aks/preview/2024-05-02-preview/managedClusters.json
@@ -6618,7 +6618,7 @@
               },
               {
                 "value": "SecurityPatch",
-                "description": "AKS will update the nodes VHD with patches from the image maintainer labelled \"security only\" on a regular basis. Where possible, patches will also be applied without reimaging to existing nodes. Some patches, such as kernel patches, cannot be applied to existing nodes without disruption. For such patches, the VHD will be updated, and machines will be rolling reimaged to that VHD following maintenance windows and surge settings. This option incurs the extra cost of hosting the VHDs in your node resource group."
+                "description": "AKS downloads and updates the nodes with tested security updates. These updates honor the maintenance window settings and produce a new VHD that is used on new nodes. On some occasions it's not possible to apply the updates in place, in such cases the existing nodes will also be re-imaged to the newly produced VHD in order to apply the changes. This option incurs an extra cost of hosting the new Security Patch VHDs in your resource group for just in time consumption."
               },
               {
                 "value": "NodeImage",