diff --git a/windows/security/threat-protection/TOC.md b/windows/security/threat-protection/TOC.md
index 254521244c..a520ed0b5c 100644
--- a/windows/security/threat-protection/TOC.md
+++ b/windows/security/threat-protection/TOC.md
@@ -18,11 +18,14 @@
 #### [Deployment phases](microsoft-defender-atp/deployment-phases.md)
 
 #### [Phase 1: Plan](microsoft-defender-atp/prepare-deployment.md)
-##### [Validate licensing and complete setup](microsoft-defender-atp/licensing.md)
+#### [Validate licensing and complete setup](microsoft-defender-atp/licensing.md)
+##### [Evaluate capabilities](microsoft-defender-atp/evaluation-lab.md)
+##### [Security compass](microsoft-defender-atp/security-compass.md)
 
-#### [Phase 2: Pilot/Evaluate the capabilities](microsoft-defender-atp/evaluation-lab.md)
+#### [Phase 2: Onboard](microsoft-defender-atp/production-deployment.md)
 
-#### [Phase 3: Deploy](microsoft-defender-atp/production-deployment.md)
+
+#### [Phase 3: Configure](microsoft-defender-atp/configure.md)
 
 ### [Configuration guide]()
 #### [Configure and manage capabilities]()
@@ -309,9 +312,9 @@
 
 
 
-#### [Custom detections]()
-##### [Understand custom detection rules](microsoft-defender-atp/overview-custom-detections.md)
-##### [Create and manage custom detections rules](microsoft-defender-atp/custom-detection-rules.md)
+##### [Custom detections]()
+###### [Understand custom detection rules](microsoft-defender-atp/overview-custom-detections.md)
+###### [Create and manage custom detections rules](microsoft-defender-atp/custom-detection-rules.md)
 
 
 #### [Security administration]()
@@ -374,7 +377,7 @@
 #### [Network firewall](windows-firewall/windows-firewall-with-advanced-security.md)
 
 #### [Next-generation protection](windows-defender-antivirus/windows-defender-antivirus-in-windows-10.md)
-##### [Better together: Windows Defender Antivirus and Microsoft Defender ATP](windows-defender-antivirus/why-use-microsoftntivirus.md)
+##### [Better together: Windows Defender Antivirus and Microsoft Defender ATP](windows-defender-antivirus/why-use-microsoft-antivirus.md)
 
 #### [Endpoint detection and response]()
 #####[Endpoint detection and response overview](microsoft-defender-atp/overview-endpoint-detection-response.md)
diff --git a/windows/security/threat-protection/microsoft-defender-atp/configure.md b/windows/security/threat-protection/microsoft-defender-atp/configure.md
new file mode 100644
index 0000000000..513ce6e9d5
--- /dev/null
+++ b/windows/security/threat-protection/microsoft-defender-atp/configure.md
@@ -0,0 +1,19 @@
+---
+title: Configure capabilities
+description: 
+keywords: 
+search.product: eADQiWindows 10XVcnh
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: security
+ms.author: macapara
+author: mjcaparas
+ms.localizationpriority: medium
+manager: dansimp
+audience: ITPro
+ms.collection: M365-security-compliance  
+ms.topic: article
+---
+
+# Configure capabilities
diff --git a/windows/security/threat-protection/microsoft-defender-atp/deployment-phases.md b/windows/security/threat-protection/microsoft-defender-atp/deployment-phases.md
index 83fc92fa01..c65eb44f0a 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/deployment-phases.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/deployment-phases.md
@@ -18,4 +18,47 @@ ms.topic: article
 
 # Deployment phases
 
+There are three phases in deploying Microsoft Defender ATP:
 
+
+<br>
+<table border="0" width="100%" align="center">
+  <tr style="text-align:center;">
+    <td align="center" style="width:25%; border:0;">
+      <a href= "/windows/microsoft-defender-atp/prepare-deployment"> 
+        <img src="images/plan.png" alt="Plan to deploy Microsoft Defender ATP" title="Plan" />
+      <br/>Plan </a><br>
+    </td>
+     <td align="center">
+      <a href="/windows/microsoft-defender-atp/production-deployment">
+        <img src="images/oboard.png" alt="Onboard to the Microsoft Defender ATP service" title="Onboard to Microsoft Defender ATP" />
+      <br/>Onboard </a><br>
+    </td>
+    <td align="center">
+      <a href="/windows/microsoft-defender-atp/configure">
+        <img src="images/configure.png" alt="Configure capabilities" title="Configure capabilities" />
+      <br/>Configure </a><br>
+  </tr>
+</table>
+
+## Plan 
+The planning phase guides you through what you need to consider when deploying Microsoft Defender ATP. 
+
+You will need to consider the following:
+- Stakeholders and Sign-off
+- Environment considerations
+- Access 
+- Adoption order
+
+You can use the security compass to better prepare you in the deployment journey. 
+
+## Onboard
+The onboarding phase covers the initial steps you'll take as you first access Microsoft Defender Security Center. You'll be guided on:
+
+- Validating the licensing
+- Completing the setup wizard within the portal
+- Network configuration
+= Onboarding a device 
+
+## Configure
+Maximize the Microsoft Defender ATP capabilities by configuring the components that make up the platform. 
\ No newline at end of file
diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/configure-page.png b/windows/security/threat-protection/microsoft-defender-atp/images/configure-page.png
new file mode 100644
index 0000000000..899a5a2312
Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/configure-page.png differ
diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/configure.png b/windows/security/threat-protection/microsoft-defender-atp/images/configure.png
new file mode 100644
index 0000000000..a8657fc3aa
Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/configure.png differ
diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/oboard.png b/windows/security/threat-protection/microsoft-defender-atp/images/oboard.png
new file mode 100644
index 0000000000..cd9e16abb8
Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/oboard.png differ
diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/onboard-page.png b/windows/security/threat-protection/microsoft-defender-atp/images/onboard-page.png
new file mode 100644
index 0000000000..3b6aaed8fa
Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/onboard-page.png differ
diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/plan-page.png b/windows/security/threat-protection/microsoft-defender-atp/images/plan-page.png
new file mode 100644
index 0000000000..07ff19f20e
Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/plan-page.png differ
diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/plan.png b/windows/security/threat-protection/microsoft-defender-atp/images/plan.png
new file mode 100644
index 0000000000..fa484b1d9d
Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/plan.png differ
diff --git a/windows/security/threat-protection/microsoft-defender-atp/security-compass.md b/windows/security/threat-protection/microsoft-defender-atp/security-compass.md
new file mode 100644
index 0000000000..a7e9fff7ec
--- /dev/null
+++ b/windows/security/threat-protection/microsoft-defender-atp/security-compass.md
@@ -0,0 +1,24 @@
+---
+title: Security compass
+description: 
+keywords: 
+search.product: eADQiWindows 10XVcnh
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: security
+ms.author: macapara
+author: mjcaparas
+ms.localizationpriority: medium
+manager: dansimp
+audience: ITPro
+ms.collection: M365-security-compliance  
+ms.topic: article
+---
+
+# Security compass
+
+Use the security compass as a guide in 
+
+
+Put Chris Hatley's visios here
\ No newline at end of file