diff --git a/changelogs/unreleased/6661-SamMHD-minor.md b/changelogs/unreleased/6661-SamMHD-minor.md index 525849aa3d8..9a6330a74e9 100644 --- a/changelogs/unreleased/6661-SamMHD-minor.md +++ b/changelogs/unreleased/6661-SamMHD-minor.md @@ -1,6 +1,8 @@ ## Disable ExtAuth by default if GlobalExtAuth.AuthPolicy.Disabled is set -Global external authorization or vhost-level authorization is enabled by default unless an AuthPolicy explicitly disables it. By default, `disabled` is set to `GlobalExtAuth.AuthPolicy.Disabled`. This global setting can be overridden by vhost-level AuthPolicy, which can further be overridden by route-specific AuthPolicy. Therefore, the final authorization state is determined by the most specific policy applied at the route level. +Global external authorization can now be disabled by default and enabled by overriding the vhost and route level auth policies. +This is achieved by setting the `globalExtAuth.authPolicy.disabled` in the configuration file or `ContourConfiguration` CRD to `true`, and setting the `authPolicy.disabled` to `false` in the vhost and route level auth policies. +The final authorization state is determined by the most specific policy applied at the route level. ## Disable External Authorization in UpgradeHTTPS
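Review bot: The added sentence "setting the `authPolicy.disabled` to `false` in the vhost and route level auth policies" leaves it unclear whether both levels must be set or whether either one is enough. The removed paragraph spelled out the precedence (global default, overridden by the vhost-level AuthPolicy, overridden in turn by the route-specific AuthPolicy), and the new text keeps only the closing sentence about the route level. I would restore one sentence stating that order. I would also say explicitly that with `globalExtAuth.authPolicy.disabled` set to `true`, any vhost or route that does not set `authPolicy.disabled` to `false` is served without external authorization, since that is the behaviour an operator most needs to know before turning it on. Two smaller points: the heading writes `GlobalExtAuth.AuthPolicy.Disabled` while the body writes `globalExtAuth.authPolicy.disabled`, so pick one casing, and "setting the `globalExtAuth.authPolicy.disabled`" reads better without "the".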