diff --git a/Task/Windows Workstation Security Tweaks Combined Script.ps1 b/Task/Windows Workstation Security Tweaks Combined Script.ps1
index 129c2cd..d675df2 100644
--- a/Task/Windows Workstation Security Tweaks Combined Script.ps1	
+++ b/Task/Windows Workstation Security Tweaks Combined Script.ps1	
@@ -1,6 +1,9 @@
 <#
 Author: Logan Cook
 Notes: Requires `WinFeatureShould-Be` Helper function
+Instructions: To discover new items to enforce, visit https://security.microsoft.com/exposure-recommendations -> Devices -> Misconfigurations.
+    After selecting a misconfiguration and selecting the 'remediation options' tab, check if there is a registry control. If there is, that is what you use here.
+    If there is no registry control, the hardening is likely intended to be done via device CSPs. Intune (usually Attack Surface Reduction) is a great secondary enforcement mechanism.
 #>
 
 param(
@@ -176,4 +179,4 @@ Get-WindowsRegistryValue -Path "HKLM:\SOFTWARE\Policies\Adobe\Adobe Acrobat\DC\F
 # Granular State gathering
 #   CMDlet DSC block
 
-WinFeatureShould-Be -Feature "SMB1Protocol" -State $SMB1
\ No newline at end of file
+WinFeatureShould-Be -Feature "SMB1Protocol" -State $SMB1