diff --git a/windows/security/threat-protection/windows-defender-exploit-guard/attack-surface-reduction-exploit-guard.md b/windows/security/threat-protection/windows-defender-exploit-guard/attack-surface-reduction-exploit-guard.md
index f9a000c334..02ccecc491 100644
--- a/windows/security/threat-protection/windows-defender-exploit-guard/attack-surface-reduction-exploit-guard.md
+++ b/windows/security/threat-protection/windows-defender-exploit-guard/attack-surface-reduction-exploit-guard.md
@@ -173,6 +173,9 @@ Local Security Authority Subsystem Service (LSASS) authenticates users who log i
 ### Rule: Block process creations originating from PSExec and WMI commands
  
 This rule blocks processes through PsExec and WMI commands from running, to prevent remote code execution that can spread malware attacks.
+
+>[!WARNING]
+>[Only use this rule if you are managing your devices with Intune or other MDM solution. If you use this rule with SCCM, it will prevent SCCM compliance rules from working, because this rule blocks the PSExec commands in SCCM.]
  
 ### Rule: Block untrusted and unsigned processes that run from USB