fix extension names

windows/keep-secure/TOC.md

@@ -684,14 +684,12 @@
 ##### [Configure endpoints](configure-endpoints-windows-defender-advanced-threat-protection.md)
 ###### [Configure endpoints using Group Policy](configure-endpoints-gp-windows-defender-advanced-threat-protection.md)
 ###### [Configure endpoints using System Security Configuration Manager](configure-endpoints-sccm-windows-defender-advanced-threat-protection.md)
-####### [Configure endpoints using SCCM 2016](configure-endpoints-sccm-windows-defender-advanced-threat-protection.md#configure-endpoints-using-system-center-configuration-manager-(current-branch)-version-1606))
+####### [Configure endpoints using SCCM 1606](configure-endpoints-sccm-windows-defender-advanced-threat-protection.md#configure-endpoints-using-system-center-configuration-manager-(current-branch)-version-1606))
 ####### [Configure endpoints using SCCM 2012](configure-endpoints-sccm-windows-defender-advanced-threat-protection.md#configure-endpoints-using-system-center-configuration-manager-2012-or-later-versions)
 ###### [Configure endpoints using Mobile Device Management tools](configure-endpoints-mdm-windows-defender-advanced-threat-protection.md)
 ####### [Configure endpoints using Microsoft Intune](configure-endpoints-mdm-windows-defender-advanced-threat-protection.md#configure-endpoints-using-microsoft-intune)
 ###### [Configure endpoints using a local script](configure-endpoints-script-windows-defender-advanced-threat-protection.md)
 ##### [Configure proxy and Internet settings](configure-proxy-internet-windows-defender-advanced-threat-protection.md)
-##### [Additional configuration settings](additional-configuration-windows-defender-advanced-threat-protection.md)
-##### [Monitor onboarding](monitor-onboarding-windows-defender-advanced-threat-protection.md)
 ##### [Troubleshoot onboarding issues](troubleshoot-onboarding-windows-defender-advanced-threat-protection.md)
 #### [Portal overview](portal-overview-windows-defender-advanced-threat-protection.md)
 #### [Use the Windows Defender ATP portal](use-windows-defender-advanced-threat-protection.md)

windows/keep-secure/configure-endpoints-gp-windows-defender-advanced-threat-protection.md

@@ -21,6 +21,7 @@ author: mjcaparas
 
 > **Note**  To use GP updates to deploy the package, you must be on Windows Server 2008 R2 or later. 
 
+### Onboard endpoints
 1.  Open the GP configuration package .zip file (*WindowsDefenderATPOnboardingPackage.zip*) that you downloaded from the service onboarding wizard. You can also get the package from the [Windows Defender ATP portal](https://securitycenter.windows.com/):
 
     a.  Click **Endpoint Management** on the **Navigation pane**.
@@ -47,7 +48,7 @@ author: mjcaparas
 
 You can use Group Policy (GP) to configure settings, such as settings for the sample sharing used in the deep analysis feature.
 
-## Configure sample collection settings using Group Policy
+### Configure sample collection settings using Group Policy
 1.  On your GP management machine, copy the following files from the
     configuration package:
 
@@ -65,7 +66,7 @@ You can use Group Policy (GP) to configure settings, such as settings for the sa
 
 6.  Choose to enable or disable sample sharing from your endpoints.
 
-## Offboard endpoints using Group Policy
+### Offboard endpoints
 For security reasons, the package used to offboard endpoints will expire 30 days after the date it was downloaded. Expired offboarding packages sent to an endpoint will be rejected. When downloading an offboarding package you will be notified of the packages expiry date and it will also be included in the package name.
 
 > **Note**  Onboarding and offboarding policies must not be deployed on the same endpoint at the same time, otherwise this will cause unpredictable collisions.

windows/keep-secure/configure-endpoints-mdm-windows-defender-advanced-threat-protection.md

@@ -31,6 +31,8 @@ For more information on using Windows Defender ATP CSP see, [WindowsAdvancedThre
 
 > **Note**   If you intend to use this deployment tool, ensure that you are on Windows 10 Insider Preview Build 14379 or later. This deployment method is only available from that build or later.
 
+### Onboard and monitor endpoints 
+
 1. Open the Microsoft Intune configuration package .zip file (*WindowsDefenderATPOnboardingPackage.zip*) that you downloaded from the service onboarding wizard. You can also get the package from the [Windows Defender ATP portal](https://securitycenter.windows.com/):
  
     a.  Click **Endpoint Management** on the **Navigation pane**.
@@ -59,7 +61,7 @@ Health Status for onboarded machines | ./Device/Vendor/MSFT/WindowsAdvancedThrea
 
 > **Note**  Policies **Health Status for onboarded machines** and **Health Status for offboarded machines** use read-only properties and can't be remediated.
 
-## Offboard and monitor endpoints using Mobile Device Management tools
+### Offboard and monitor endpoints
 
 For security reasons, the package used to offboard endpoints will expire 30 days after the date it was downloaded. Expired offboarding packages sent to an endpoint will be rejected. When downloading an offboarding package you will be notified of the packages expiry date and it will also be included in the package name.
 
@@ -70,7 +72,7 @@ For security reasons, the package used to offboard endpoints will expire 30 days
     a. Click **Endpoint Management** on the **Navigation pane**.
     b. Under **Endpoint offboarding** section, select **Group Policy**, click **Download package** and save the .zip file.
     
-2.	Extract the contents of the .zip file to a shared, read-only location that can be accessed by the endpoints. You should have a file named *WindowsDefenderATPOffboardingScript_valid_until_YYYY-MM-DD.offboarding*.
+2.	Extract the contents of the .zip file to a shared, read-only location that can be accessed by the endpoints. You should have a file named *WindowsDefenderATP_valid_until_YYYY-MM-DD.offboarding*.
 
 3. Use the Microsoft Intune custom configuration policy to deploy the following supported OMA-URI settings. For more information on Microsoft Intune policy settings see, [Windows 10 policy settings in Microsoft Intune](https://docs.microsoft.com/en-us/intune/deploy-use/windows-10-policy-settings-in-microsoft-intune). 
 

windows/keep-secure/configure-endpoints-sccm-windows-defender-advanced-threat-protection.md

@@ -10,7 +10,7 @@ ms.pagetype: security
 author: mjcaparas
 ---
 
-# Configure endpoints with System Center Configuration Manager
+# Configure endpoints uisng System Center Configuration Manager
 
 **Applies to:**
 
@@ -24,8 +24,10 @@ System Center Configuration Manager (current branch) version 1606, currently in
 
 > **Note**   If you intend to use this deployment tool, ensure that you are on Windows 10 Insider Preview Build 14379 or later. This deployment method is only available from that build or later.
 
-## Configure endpoints using System Center 2012 Configuration Manager or later versions
-You can use System Center Configuration Manager’s existing functionality to create a policy to configure your endpoints. This is supported in System Center 2012 Configuration Manager or later versions, including: System Center 2012 R2 Configuration Manager, System Center Configuration Manager and System Center Configuration Manager (current branch), version 1602 or earlier. 
+## Configure endpoints using System Center Configuration Manager (current branch) version 1602 or earlier versions 
+You can use System Center Configuration Manager’s existing functionality to create a policy to configure your endpoints. This is supported in System Center Configuration Manager (current branch), version 1602 or earlier, including: System Center 2012 R2 Configuration Manager and System Center 2012 Configuration Manager. 
+
+### Onboard endpoints 
 
 1. Open the SCCM configuration package .zip file (*WindowsDefenderATPOnboardingPackage.zip*) that you downloaded from the service onboarding wizard. You can also get the package from the [Windows Defender ATP portal](https://securitycenter.windows.com/):
 
@@ -41,7 +43,7 @@ You can use System Center Configuration Manager’s existing functionality to cr
 
     a. Choose a predefined device collection to deploy the package to.
     
-## Offboard endpoints using System Center Configuration Manager
+### Offboard endpoints 
 For security reasons, the package used to offboard endpoints will expire 30 days after the date it was downloaded. Expired offboarding packages sent to an endpoint will be rejected. When downloading an offboarding package you will be notified of the packages expiry date and it will also be included in the package name.
 
 > **Note**  Onboarding and offboarding policies must not be deployed on the same endpoint at the same time, otherwise this will cause unpredictable collisions.
@@ -51,7 +53,7 @@ For security reasons, the package used to offboard endpoints will expire 30 days
     a. Click Endpoint Management on the Navigation pane.
     b. Under Endpoint offboarding section, select System Center Configuration Manager (current branch) version 1602 or earlier, click Download package, and save the .zip file.
     
-2.	Extract the contents of the .zip file to a shared, read-only location that can be accessed by the network administrators who will deploy the package. You should have a file named *WindowsDefenderATPOffboardingScript_valid_until_YYYY-MM-DD.cmd*.
+2.	Extract the contents of the .zip file to a shared, read-only location that can be accessed by the network administrators who will deploy the package. You should have a file named *WindowsDefenderATP_valid_until_YYYY-MM-DD.cmd*.
 
 3. Import the configuration package by following the steps in the [How to Create Packages and Programs in Configuration Manager](https://technet.microsoft.com/en-us/library/gg682112.aspx#BKMK_Import) topic.
 
@@ -59,7 +61,7 @@ For security reasons, the package used to offboard endpoints will expire 30 days
 
     a. Choose a predefined device collection to deploy the package to.
     
-## Monitor endpoint configuration using System Center Configuration Manager
+### Monitor endpoint configuration using System Center Configuration Manager
 Monitoring with SCCM consists of two parts:
 
 1. Confirming the configuration package has been correctly deployed and is running (or has successfully run) on the endpoints in your network.

windows/keep-secure/configure-endpoints-script-windows-defender-advanced-threat-protection.md

@@ -47,7 +47,7 @@ For security reasons, the package used to offboard endpoints will expire 30 days
     a. Click **Endpoint Management** on the **Navigation pane**.
     b. Under **Endpoint offboarding** section, select **Group Policy**, click **Download package** and save the .zip file.
     
-2.	Extract the contents of the .zip file to a shared, read-only location that can be accessed by the endpoints. You should have a file named *WindowsDefenderATPOffboardingScript_valid_until_YYYY-MM-DD.cmd*.
+2.	Extract the contents of the .zip file to a shared, read-only location that can be accessed by the endpoints. You should have a file named *WindowsDefenderATPOffboardingScript_valid_until_\<YYYY-MM-DD\>.cmd*.
 
 3.  Open an elevated command-line prompt on the endpoint and run the script:
 
@@ -57,6 +57,6 @@ For security reasons, the package used to offboard endpoints will expire 30 days
 
     ![Window Start menu pointing to Run as administrator](images/run-as-admin.png)
 
-4.  Type the location of the script file. If you copied the file to the desktop, type: *`%userprofile%\Desktop\WindowsDefenderATPOnboardingScript.cmd`*
+4.  Type the location of the script file. If you copied the file to the desktop, type: *%userprofile%\Desktop\WindowsDefenderATPOffboardingScript_valid_until_\<YYYY-MM-DD\>.cmd*
 
 5.  Press the **Enter** key or click **OK**.