diff --git a/windows/client-management/mdm/defender-csp.md b/windows/client-management/mdm/defender-csp.md
index b3beaf7ff2..f03a64a586 100644
--- a/windows/client-management/mdm/defender-csp.md
+++ b/windows/client-management/mdm/defender-csp.md
@@ -2926,7 +2926,8 @@ This policy setting controls whether or not exclusions are visible to local admi
 <!-- Device-Configuration-HideExclusionsFromLocalAdmins-Editable-Begin -->
 <!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
 > [!NOTE]
-> Applying this setting won't remove exclusions from the device registry, it will only prevent them from being applied/used. This is reflected in Get-MpPreference.
+> Applying this setting won't remove exclusions from the device registry. They will be applied and enforced, but they will not be visible via the Defender manageability tools like Get-MpPreference nor by the registry editor to the Defender owned registry hive.
+
 <!-- Device-Configuration-HideExclusionsFromLocalAdmins-Editable-End -->
 
 <!-- Device-Configuration-HideExclusionsFromLocalAdmins-DFProperties-Begin -->
diff --git a/windows/security/application-security/application-control/app-control-for-business/operations/known-issues.md b/windows/security/application-security/application-control/app-control-for-business/operations/known-issues.md
index 4181691e76..e2c44042bd 100644
--- a/windows/security/application-security/application-control/app-control-for-business/operations/known-issues.md
+++ b/windows/security/application-security/application-control/app-control-for-business/operations/known-issues.md
@@ -62,7 +62,7 @@ Although App Control audit mode is designed to avoid impact to apps, some featur
 
 ### .NET native images may generate false positive block events
 
-In some cases, the code integrity logs where App Control for Business errors and warnings are written include error events for native images generated for .NET assemblies. Typically, native image blocks are functionally benign as a blocked native image falls back to its corresponding assembly and .NET regenerates the native image at its next scheduled maintenance window.
+In some cases, the code integrity logs where App Control for Business errors and warnings are written include error events for native images generated for .NET assemblies. Typically, native image blocks are functionally benign as a blocked native image falls back to its corresponding assembly and .NET regenerates the native image at its next scheduled maintenance window. To prevent that, consider compiling your .NET application ahead of time using the [Native AOT](/dotnet/core/deploying/native-aot) feature.
 
 ### Signatures using elliptical curve cryptography (ECC) aren't supported