diff --git a/windows/security/application-security/application-control/windows-defender-application-control/design/wdac-and-dotnet.md b/windows/security/application-security/application-control/windows-defender-application-control/design/wdac-and-dotnet.md
index db90a26825..8f866fa055 100644
--- a/windows/security/application-security/application-control/windows-defender-application-control/design/wdac-and-dotnet.md
+++ b/windows/security/application-security/application-control/windows-defender-application-control/design/wdac-and-dotnet.md
@@ -14,11 +14,11 @@ The EA set on the NI file only applies to the currently active WDAC policies. If
 
 In some cases, if an NI file is blocked, you may see a "false positive" block event in the *CodeIntegrity - Operational* event log as described in [WDAC Admin Tips & Known Issues](/windows/security/threat-protection/windows-defender-application-control/operations/known-issues#net-native-images-may-generate-false-positive-block-events).
 
-To mitigate any performance impact caused when the WDAC EA isn't valid or missing, use any of the following strategies:
+To mitigate any performance impact caused when the WDAC EA isn't valid or missing:
 
-1. Work with the app developer to pre-compile their NI and digitally sign it. Then, ensure your WDAC policies allow that signature;
-2. Run *ngen.exe update* to force .NET to regenerate all NI files immediately after applying changes to your WDAC policies;
-3. [Create and sign a catalog file](/windows/security/threat-protection/windows-defender-application-control/deploy-catalog-files-to-support-windows-defender-application-control) for the native images
+- Avoid updating the WDAC policies often.
+- Run `ngen update` (on all machine architectures) to force .NET to regenerate all NI files immediately after applying changes to your WDAC policies.
+- Migrate applications to .NET Core (.NET 6 or greater).
 
 ## WDAC and .NET hardening