diff --git a/README.md b/README.md
index 4dab3317fea4f0bf65bd0eee36d85d8fd47db367..96fbc1a75e4cb502c6130ad4d52d266891d8baba 100644
--- a/README.md
+++ b/README.md
@@ -14,16 +14,16 @@ After installing level-2, you can actually enroll the machine.
 
 > Installing level-2 components will make your machine managed. You must satisfy password requirements, and disk-encryption requirements. Ref: <https://aka.ms/LinuxPortal>
 
-TBD
+Use a Ubuntu 20.04 VM to perform level-2 enroll. ArchLinux level-2 enroll is theoretically supported, but I never tested it. 
 
-<!--
 1. install intune-portal and its dependencies (pwquality)
 2. copy /etc/os-release from ubuntu 2004 to archlinux
 3. make sure you followed procedure of official doc
--->
 
 ## Move certificates from Level-2 machine to Level-1 machine
 
+> You need to keep your level-2 machine running, or your certificate will invalidate in 1 month. 
+
 Copy the following files from enrolled Level-2 machine to unenrolled Level-1 machine: 
 
 ```