diff --git a/windows/security/threat-protection/applocker/configure-the-application-identity-service.md b/windows/security/threat-protection/applocker/configure-the-application-identity-service.md
index 73a7463d29..eace7b9b57 100644
--- a/windows/security/threat-protection/applocker/configure-the-application-identity-service.md
+++ b/windows/security/threat-protection/applocker/configure-the-application-identity-service.md
@@ -7,7 +7,7 @@ ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: brianlic-msft
-ms.date: 09/21/2017
+ms.date: 04/02/2018
 ---
 
 # Configure the Application Identity service
@@ -38,4 +38,12 @@ Membership in the local **Administrators** group, or equivalent, is the minimum
 2.  Click the **Services** tab, right-click **AppIDSvc**, and then click **Start Service**.
 3.  Verify that the status for the Application Identity service is **Running**.
 
-Starting with Windows 10, the Application Identity service is now a protected process. Because of this, you can no longer manually set the service **Startup type** to **Automatic**. 
+Starting with Windows 10, the Application Identity service is now a protected process. Because of this, you can no longer manually set the service **Startup type** to **Automatic** by using the Sevices snap-in. Try either of these methods instead:
+
+- Open an elevated commnad prompt or PowerShell session and type:
+
+   ```powershell
+   sc.exe config appidsvc start= auto
+   ```
+
+- Create a security template that configures appidsvc to be automatic start, and apply it using secedit.exe or LGPO.exe.