diff --git a/windows/security/threat-protection/microsoft-defender-atp/TOC.md b/windows/security/threat-protection/microsoft-defender-atp/TOC.md
index 7a153afde0..685cb29710 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/TOC.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/TOC.md
@@ -356,6 +356,11 @@
#### Interoperability
##### [Partner applications](partner-applications.md)
+#### [Manage machine configuration](configure-machines.md)
+##### [Monitor and increase machine onboarding](configure-machines-onboarding.md)
+##### [Increase compliance to the security baseline](configure-machines-security-baseline.md)
+##### [Optimize ASR rule deployment and detections](configure-machines-asr.md)
+
#### Role-based access control
##### [Manage portal access using RBAC](rbac.md)
###### [Create and manage roles](user-roles.md)
diff --git a/windows/security/threat-protection/microsoft-defender-atp/configure-machines-asr.md b/windows/security/threat-protection/microsoft-defender-atp/configure-machines-asr.md
new file mode 100644
index 0000000000..9b0a3173f6
--- /dev/null
+++ b/windows/security/threat-protection/microsoft-defender-atp/configure-machines-asr.md
@@ -0,0 +1,55 @@
+---
+title: Optimize ASR rule deployment and detections
+description: Ensure your attack surface reduction (ASR) rules are fully deployed and optimized to effectively identify and prevent actions that are typically taken by malware during exploitation.
+keywords: onboard, Intune management, MDATP, WDATP, Microsoft Defender, Windows Defender, advanced threat protection, attack surface reduction, ASR, security baseline
+search.product: eADQiWindows 10XVcnh
+search.appverid: met150
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: security
+ms.author: lomayor
+author: lomayor
+ms.localizationpriority: medium
+manager: dansimp
+audience: ITPro
+ms.collection: M365-security-compliance
+ms.topic: procedural
+---
+
+# Optimize ASR rule deployment and detections
+
+**Applies to:**
+- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+
+[!include[Prerelease information](prerelease.md)]
+
+>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-onboardconfigure-abovefoldlink)
+
+[Attack surface reduction (ASR) rules](../windows-defender-exploit-guard/attack-surface-reduction-exploit-guard.md) identify and prevent actions that are typically taken by malware during exploitation. These rules control when and how potentially malicious code can run. For example, you can prevent JavaScript or VBScript from launching a downloaded executable, block Win32 API calls from Office macros, or block processes that run from USB drives.
+
+
+*Attack surface management card*
+
+The **Attack surface management** card is an entry point to tools in Microsoft 365 security center that you can use to:
+
+- Understand how ASR rules are currently deployed in your organization
+- Review ASR detections and identify possible incorrect detections
+- Analyze the impact of exclusions and generate the list of file paths to exclude
+
+Selecting **Go to attack surface management** takes you to **Monitoring & reports > Attack surface reduction rules > Add exclusions**. From there, you can navigate to other sections of Microsoft 365 security center.
+
+
+*Add exclusions tab in the Attack surface reduction rules page in Microsoft 365 security center*
+
+>[!NOTE]
+>To access Microsoft 365 security center, you need a Microsoft 365 E3 or E5 license and an account that has certain roles on Azure Active Directory. [Read more about required licenses and permissions](https://docs.microsoft.com/office365/securitycompliance/microsoft-security-and-compliance#required-licenses-and-permissions)
+
+For more information about optimizing ASR rule deployment in Microsoft 365 security center, read [Monitor and manage ASR rule deployment and detections](https://docs.microsoft.com/office365/securitycompliance/monitor-devices#monitor-and-manage-asr-rule-deployment-and-detections)
+
+>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-onboardconfigure-belowfoldlink)
+
+# Related topics
+- [Ensure your machines are configured properly](configure-machines.md)
+- [Get machines onboarded to Microsoft Defender ATP](configure-machines-onboarding.md)
+- [Increase compliance to the Microsoft Defender ATP security baseline](configure-machines-security-baseline.md)
\ No newline at end of file
diff --git a/windows/security/threat-protection/microsoft-defender-atp/configure-machines-onboarding.md b/windows/security/threat-protection/microsoft-defender-atp/configure-machines-onboarding.md
new file mode 100644
index 0000000000..ad42b1bcd9
--- /dev/null
+++ b/windows/security/threat-protection/microsoft-defender-atp/configure-machines-onboarding.md
@@ -0,0 +1,76 @@
+---
+title: Get machines onboarded to Microsoft Defender ATP
+description: Track onboarding of Intune-managed machines to Windows Defender ATP and increase onboarding rate.
+keywords: onboard, Intune management, MDATP, WDATP, Microsoft Defender, Windows Defender, advanced threat protection, configuration management
+search.product: eADQiWindows 10XVcnh
+search.appverid: met150
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: security
+ms.author: lomayor
+author: lomayor
+ms.localizationpriority: medium
+manager: dansimp
+audience: ITPro
+ms.collection: M365-security-compliance
+ms.topic: procedural
+---
+
+# Get machines onboarded to Microsoft Defender ATP
+
+**Applies to:**
+- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+
+[!include[Prerelease information](prerelease.md)]
+
+>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-onboardconfigure-abovefoldlink)
+
+Each onboarded machine adds an additional endpoint detection and response (EDR) sensor and increases visibility over breach activity in your network. Onboarding also ensures that a machine can be checked for vulnerable components as well security configuration issues and can receive critical remediation actions during attacks.
+
+## Discover and track unprotected machines
+
+The **Onboarding** card provides a high-level overview of your onboarding rate by comparing the number of Windows 10 machines that have actually onboarded to Microsoft Defender ATP against the total number of Intune-managed Windows 10 machines.
+
+
+*Card showing onboarded machines compared to the total number of Intune-managed Windows 10 machine*
+
+>[!NOTE]
+>- If you used Security Center Configuration Manager, the onboarding script, or other onboarding methods that don’t use Intune profiles, you might encounter data discrepancies. To resolve these discrepancies, create a corresponding Intune configuration profile for Microsoft Defender ATP onboarding and assign that profile to your machines.
+>- During preview, you might experience discrepancies in aggregated data displayed on the machine configuration management page and those displayed on overview screens in Intune.
+
+## Onboard more machines with Intune profiles
+
+Microsoft Defender ATP provides several convenient options for [onboarding Windows 10 machines](onboard-configure.md). For Intune-managed machines, however, you can leverage Intune profiles to conveniently deploy the Microsoft Defender ATP sensor to select machines, effectively onboarding these devices to the service.
+
+From the **Onboarding** card, select **Onboard more machines** to create and assign a profile on Intune. The link takes you to a similar overview of your onboarding state.
+
+>[!TIP]
+>Alternatively, you can navigate to the Microsoft Defender ATP onboarding compliance page in the [Microsoft Azure portal](https://portal.azure.com/) from **All services > Intune > Device compliance > Microsoft Defender ATP**.
+
+From the overview, create a configuration profile specifically for the deployment of the Microsoft Defender ATP sensor and assign that profile to the machines you want to onboard.
+
+1. Select **Create a device configuration profile to configure ATP sensor**.
+
+ 
+ *Microsoft Defender ATP device compliance page on Intune device management*
+
+2. Specify a name for the profile, specify desired configuration options for sample sharing and reporting frequency, and select **Create** to save the new profile.
+
+ 
+ *Configuration profile creation*
+
+3. After creating the profile, assign it to all your machines. You can review profiles and their deployment status anytime by accessing **Device configuration > Profiles** on Intune.
+
+ 
+ *Assigning the new agent profile to all machines*
+
+>[!TIP]
+>To learn more about Intune profiles, read [Assign user and device profiles in Microsoft Intune](https://docs.microsoft.com/en-us/intune/device-profile-assign).
+
+>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-onboardconfigure-belowfoldlink)
+
+# Related topics
+- [Ensure your machines are configured properly](configure-machines.md)
+- [Increase compliance to the Microsoft Defender ATP security baseline](configure-machines-security-baseline.md)
+- [Optimize ASR rule deployment and detections](configure-machines-asr.md)
diff --git a/windows/security/threat-protection/microsoft-defender-atp/configure-machines-security-baseline.md b/windows/security/threat-protection/microsoft-defender-atp/configure-machines-security-baseline.md
new file mode 100644
index 0000000000..b7a5c0bf30
--- /dev/null
+++ b/windows/security/threat-protection/microsoft-defender-atp/configure-machines-security-baseline.md
@@ -0,0 +1,108 @@
+---
+title: Increase compliance to the Microsoft Defender ATP security baseline
+description: The Microsoft Defender ATP security baseline sets Microsoft Defender ATP security controls to provide optimal protection.
+keywords: Intune management, MDATP, WDATP, Microsoft Defender, Windows Defender, advanced threat protection ASR, security baseline
+search.product: eADQiWindows 10XVcnh
+search.appverid: met150
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: security
+ms.author: lomayor
+author: lomayor
+ms.localizationpriority: medium
+manager: dansimp
+audience: ITPro
+ms.collection: M365-security-compliance
+ms.topic: procedural
+---
+
+# Increase compliance to the Microsoft Defender ATP security baseline
+
+**Applies to:**
+- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+
+[!include[Prerelease information](prerelease.md)]
+
+>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-onboardconfigure-abovefoldlink)
+
+Security baselines ensure that security features are configured according to guidance from both security experts and expert Windows system administrators. When deployed, the Microsoft Defender ATP security baseline sets Microsoft Defender ATP security controls to provide optimal protection.
+
+To understand security baselines and how they are assigned on Intune using configuration profiles, [read this FAQ](https://docs.microsoft.com/intune/security-baselines#q--a).
+
+## Compare the Microsoft Defender ATP and the Windows Intune security baselines
+The Windows Intune security baseline provides a comprehensive set of recommended settings needed to securely configure machines running Windows, including browser settings, PowerShell settings, as well as settings for some security features like Windows Defender Antivirus. In contrast, the Microsoft Defender ATP baseline provides settings that optimize all the security controls in the Microsoft Defender ATP stack, including settings for endpoint detection and response (EDR) as well as settings also found in the Windows Intune security baseline. For more information about each baseline, see:
+
+- [Windows security baseline settings for Intune](https://docs.microsoft.com/intune/security-baseline-settings-windows)
+- [Microsoft Defender ATP baseline settings for Intune](https://docs.microsoft.com/intune/security-baseline-settings-defender-atp)
+
+Both baselines are maintained so that they complement one another and have identical values for shared settings. Deploying both baselines to the same machine will not result in conflicts. Ideally, machines onboarded to Microsoft Defender ATP are deployed both baselines: the Windows Intune security baseline to initially secure Windows and then the Microsoft Defender ATP security baseline layered on top to optimally configure the Microsoft Defender ATP security controls.
+
+## Get permissions to manage security baselines in Intune
+
+By default, only users who have been assigned the Global Administrator or the Intune Service Administrator role on Azure AD can manage security baseline profiles. If you haven’t been assigned either role, work with a Global Administrator or an Intune Service Administrator to [create a custom role in Intune](https://docs.microsoft.com/intune/create-custom-role#to-create-a-custom-role) with full permissions to security baselines and then assign that role to your Azure AD group.
+
+
+
+*Security baseline permissions on Intune*
+
+## Monitor compliance to the Microsoft Defender ATP security baseline
+
+The **Security baseline** card on [machine configuration management](configure-machines.md) provides an overview of compliance across Windows 10 machines that have been assigned the Microsoft Defender ATP security baseline.
+
+
+*Card showing compliance to the Microsoft Defender ATP security baseline*
+
+Each machine is given one of the following status types:
+
+- **Matches baseline**—machine settings match all the settings in the baseline
+- **Does not match baseline**—at least one machine setting doesn't match the baseline
+- **Misconfigured**—at least one baseline setting isn't properly configured on the machine and is in a conflict, error, or pending state
+- **Not applicable**—At least one baseline setting isn't applicable on the machine
+
+To review specific machines, select **Configure security baseline** on the card. This takes you to Intune device management. From there, select **Device status** for the names and statuses of the machines.
+
+>[!NOTE]
+>During preview, you might encounter a few known limitations:
+>- You might experience discrepancies in aggregated data displayed on the machine configuration management page and those displayed on overview screens in Intune.
+>- The Microsoft Defender ATP security baseline currently doesn’t cover settings for all Microsoft Defender ATP security controls, including settings for exploit protection and Application Guard.
+
+## Review and assign the Microsoft Defender ATP security baseline
+
+Machine configuration management monitors baseline compliance only of Windows 10 machines that have been specifically assigned the Microsoft Defender ATP security baseline. You can conveniently review the baseline and assign it to machines on Intune device management.
+
+1. Select **Configure security baseline** on the **Security baseline** card to go to Intune device management. A similar overview of baseline compliance is displayed.
+
+ >[!TIP]
+ > Alternatively, you can navigate to the Microsoft Defender ATP security baseline in the Microsoft Azure portal from **All services > Intune > Device security > Security baselines (preview) > PREVIEW: Windows Defender ATP baseline**.
+
+
+2. Create a new profile.
+
+ 
+ *Microsoft Defender ATP security baseline overview on Intune*
+
+3. During profile creation, you can review and adjust specific settings on the baseline.
+
+ 
+ *Security baseline options during profile creation on Intune*
+
+4. Assign the profile to the appropriate machine group.
+
+ 
+ *Assigning the security baseline profile on Intune*
+
+5. Save the profile and deploy it to the assigned machine group.
+
+ 
+ *Saving and deploying the security baseline profile on Intune*
+
+>[!TIP]
+>To learn more about Intune security baselines and assigning them, read [Create a Windows 10 security baseline in Intune](https://docs.microsoft.com/intune/security-baselines).
+
+>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-onboardconfigure-belowfoldlink)
+
+# Related topics
+- [Ensure your machines are configured properly](configure-machines.md)
+- [Get machines onboarded to Microsoft Defender ATP](configure-machines-onboarding.md)
+- [Optimize ASR rule deployment and detections](configure-machines-asr.md)
\ No newline at end of file
diff --git a/windows/security/threat-protection/microsoft-defender-atp/configure-machines.md b/windows/security/threat-protection/microsoft-defender-atp/configure-machines.md
new file mode 100644
index 0000000000..62140b2d6d
--- /dev/null
+++ b/windows/security/threat-protection/microsoft-defender-atp/configure-machines.md
@@ -0,0 +1,69 @@
+---
+title: Ensure your machines are configured properly
+description: Properly configure machines to boost overall resilience against threats and enhance your capability to detect and respond to attacks.
+keywords: onboard, Intune management, MDATP, WDATP, Microsoft Defender, Windows Defender, advanced threat protection, attack surface reduction, ASR, security baseline
+search.product: eADQiWindows 10XVcnh
+search.appverid: met150
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: security
+ms.author: lomayor
+author: lomayor
+ms.localizationpriority: medium
+manager: dansimp
+audience: ITPro
+ms.collection: M365-security-compliance
+ms.topic: procedural
+---
+
+# Ensure your machines are configured properly
+
+**Applies to:**
+- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+
+[!include[Prerelease information](prerelease.md)]
+
+>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-onboardconfigure-abovefoldlink)
+
+With properly configured machines, you can boost overall resilience against threats and enhance your capability to detect and respond to attacks. Security configuration management helps ensure that your machines:
+
+- Onboard to Microsoft Defender ATP
+- Meet or exceed the Microsoft Defender ATP security baseline configuration
+- Have strategic attack surface mitigations in place
+
+
+*Machine configuration management page*
+
+You can track configuration status at an organizational level and quickly take action in response to poor onboarding coverage, compliance issues, and poorly optimized attack surface mitigations through direct, deep links to device management pages on Microsoft Intune and Microsoft 365 security center.
+
+In doing so, you benefit from:
+- Comprehensive visibility of the events on your machines
+- Robust threat intelligence and powerful machine learning technologies for processing raw events and identifying the breach activity and threat indicators
+- A full stack of security features configured to efficiently stop the installation of malicious implants, hijacking of system files and process, data exfiltration, and other threat activities
+- Optimized attack surface mitigations, maximizing strategic defenses against threat activity while minimizing impact to productivity
+
+## Enroll machines to Intune management
+
+Machine configuration management works closely with Intune device management to establish the inventory of the machines in your organization and the baseline security configuration. You will be able to track and manage configuration issues on Intune-managed Windows 10 machines.
+
+Before you can ensure your machines are configured properly, enroll them to Intune management. Intune enrollment is robust and has several enrollment options for Windows 10 machines. For more information about Intune enrollment options, read [Set up enrollment for Windows devices](https://docs.microsoft.com/en-us/intune/windows-enroll).
+
+>[!TIP]
+>To optimize machine management through Intune, [connect Intune to Microsoft Defender ATP](https://docs.microsoft.com/en-us/intune/advanced-threat-protection#enable-windows-defender-atp-in-intune).
+
+>[!NOTE]
+>During preview, you might encounter a few known limitations:
+>- You might experience discrepancies in aggregated data displayed on the machine configuration management page and those displayed on overview screens in Intune.
+>- The count of onboarded machines tracked by machine configuration management might not include machines onboarded using Security Center Configuration Manager, the onboarding script, or other onboarding methods that don’t use Intune profiles. To include these machines, create a corresponding Intune configuration profile for Microsoft Defender ATP onboarding and assign that profile to these machines.
+>- The Microsoft Defender ATP security baseline currently doesn’t cover settings for all Microsoft Defender ATP security controls, including settings for exploit protection and Application Guard.
+
+
+## In this section
+Topic | Description
+:---|:---
+[Get machines onboarded to Microsoft Defender ATP](configure-machines-onboarding.md)| Track onboarding status of Intune-managed machines and onboard more machines through Intune.
+[Increase compliance to the Microsoft Defender ATP security baseline](configure-machines-security-baseline.md) | Track baseline compliance and noncompliance. Deploy the security baseline to more Intune-managed machines.
+[Optimize ASR rule deployment and detections](configure-machines-asr.md) | Review rule deployment and tweak detections using impact analysis tools in Microsoft 365 security center.
+
+>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-onboardconfigure-belowfoldlink)
\ No newline at end of file
diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/secconmgmt_asr_card.png b/windows/security/threat-protection/microsoft-defender-atp/images/secconmgmt_asr_card.png
new file mode 100644
index 0000000000..dbf9cf07fa
Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/secconmgmt_asr_card.png differ
diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/secconmgmt_asr_m365exlusions.png b/windows/security/threat-protection/microsoft-defender-atp/images/secconmgmt_asr_m365exlusions.png
new file mode 100644
index 0000000000..65d9ad6967
Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/secconmgmt_asr_m365exlusions.png differ
diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/secconmgmt_baseline_card.png b/windows/security/threat-protection/microsoft-defender-atp/images/secconmgmt_baseline_card.png
new file mode 100644
index 0000000000..c88ea0f49c
Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/secconmgmt_baseline_card.png differ
diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/secconmgmt_baseline_intuneprofile1.png b/windows/security/threat-protection/microsoft-defender-atp/images/secconmgmt_baseline_intuneprofile1.png
new file mode 100644
index 0000000000..f8147866f5
Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/secconmgmt_baseline_intuneprofile1.png differ
diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/secconmgmt_baseline_intuneprofile2.png b/windows/security/threat-protection/microsoft-defender-atp/images/secconmgmt_baseline_intuneprofile2.png
new file mode 100644
index 0000000000..a6b401f564
Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/secconmgmt_baseline_intuneprofile2.png differ
diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/secconmgmt_baseline_intuneprofile3.png b/windows/security/threat-protection/microsoft-defender-atp/images/secconmgmt_baseline_intuneprofile3.png
new file mode 100644
index 0000000000..8f88c5899e
Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/secconmgmt_baseline_intuneprofile3.png differ
diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/secconmgmt_baseline_intuneprofile4.png b/windows/security/threat-protection/microsoft-defender-atp/images/secconmgmt_baseline_intuneprofile4.png
new file mode 100644
index 0000000000..2955624a72
Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/secconmgmt_baseline_intuneprofile4.png differ
diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/secconmgmt_baseline_permissions.png b/windows/security/threat-protection/microsoft-defender-atp/images/secconmgmt_baseline_permissions.png
new file mode 100644
index 0000000000..c97ef90085
Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/secconmgmt_baseline_permissions.png differ
diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/secconmgmt_main.png b/windows/security/threat-protection/microsoft-defender-atp/images/secconmgmt_main.png
new file mode 100644
index 0000000000..551526ae72
Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/secconmgmt_main.png differ
diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/secconmgmt_onboarding_1deviceconfprofile.png b/windows/security/threat-protection/microsoft-defender-atp/images/secconmgmt_onboarding_1deviceconfprofile.png
new file mode 100644
index 0000000000..097725199f
Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/secconmgmt_onboarding_1deviceconfprofile.png differ
diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/secconmgmt_onboarding_2deviceconfprofile.png b/windows/security/threat-protection/microsoft-defender-atp/images/secconmgmt_onboarding_2deviceconfprofile.png
new file mode 100644
index 0000000000..7a14844ecd
Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/secconmgmt_onboarding_2deviceconfprofile.png differ
diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/secconmgmt_onboarding_3assignprofile.png b/windows/security/threat-protection/microsoft-defender-atp/images/secconmgmt_onboarding_3assignprofile.png
new file mode 100644
index 0000000000..1a2f78c4ea
Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/secconmgmt_onboarding_3assignprofile.png differ
diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/secconmgmt_onboarding_card.png b/windows/security/threat-protection/microsoft-defender-atp/images/secconmgmt_onboarding_card.png
new file mode 100644
index 0000000000..331ad032a6
Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/secconmgmt_onboarding_card.png differ