diff --git a/windows/security/threat-protection/windows-defender-application-control/LOB-win32-apps-on-s.md b/windows/security/threat-protection/windows-defender-application-control/LOB-win32-apps-on-s.md
index 2d37313936..a5cb3552c8 100644
--- a/windows/security/threat-protection/windows-defender-application-control/LOB-win32-apps-on-s.md
+++ b/windows/security/threat-protection/windows-defender-application-control/LOB-win32-apps-on-s.md
@@ -27,6 +27,8 @@ Beginning with the Windows 10 November 2019 update (build 18363), Microsoft Intu
 
 With Intune, IT Pros can now configure their managed S mode devices using a Windows Defender Application Control (WDAC) supplemental policy that expands the S mode base policy to authorize the apps their business uses. This feature changes the S mode security posture from “every app is Microsoft-verified" to “every app is verified by Microsoft or your organization”. 
 
+> [!VIDEO https://www.microsoft.com/videoplayer/embed/RE4mlcp]
+
 ## Policy Authorization Process
 ![Policy Authorization](images/wdac-intune-policy-authorization.png)
 The general steps for expanding the S mode base policy on your devices are to generate a supplemental policy, sign that policy, and then upload the signed policy to Intune and assign it to user or device groups.