diff --git a/windows/keep-secure/configure-endpoints-windows-defender-advanced-threat-protection.md b/windows/keep-secure/configure-endpoints-windows-defender-advanced-threat-protection.md index 11dde6b424..332166ff68 100644 --- a/windows/keep-secure/configure-endpoints-windows-defender-advanced-threat-protection.md +++ b/windows/keep-secure/configure-endpoints-windows-defender-advanced-threat-protection.md 
@@ -21,37 +21,33 @@ You can use a Group Policy (GP) configuration package or an automated script to ## Configure with System Center Configuration Manager (SCCM) -1. Open the SCCM configuration package .zip file (*WindowsATPOnboardingPackage.zip*) that you downloaded from the service onboarding wizard. You can also get the package from the [Windows Defender ATP portal](https://seville.windows.com): Naama: Confirm package name +1. Open the SCCM configuration package .zip file (*WindowsATPOnboardingPackage_ConfigurationManager.zip*) that you downloaded from the service onboarding wizard. You can also get the package from the [Windows Defender ATP portal](https://seville.windows.com): - a. Click **Client onboarding** on the **Navigation pane**. + a. Click **Client onboarding** on the **Navigation pane**. - b. Select **SCCM**, click **Download package**, and save the .zip file. Iaan: Need to confirm the UI for this + b. Select **SCCM**, click **Download package**, and save the .zip file. 2. Copy the .zip file to a shared, read-only location that can be accessed by the network administrators who will deploy the package. -Iaan: Will confirm ui for this +3. Import the configuration package by following the steps in the [How to Create Packages and Programs in Configuration Manager](https://technet.microsoft.com/en-us/library/gg682112.aspx#BKMK_Import) topic. -3. In the SCCM console, go to **Software Library**. -4. Under **Application Management**, right-click **Packages** and select **Import**. -5. Click **Browse** and choose the package that was downloaded from the portal (zip file). -6. The package will appear under the Packages page. -7. Right-click the Package and choose deploy. -8. Choose a predefined device collection to deploy the package to. +4. Deploy the package by following the steps in the [How to Deploy Packages and Programs in Configuration Manager](https://technet.microsoft.com/en-us/library/gg682178.aspx) topic. + + a. 
Choose a predefined device collection to deploy the package to. -Naama note: If it’s a package we create then we’ll set the necessary privileges, otherwise provide guidance (Omri: what is the necessary privileges?) ## Configure with Group Policy Using the GP configuration package ensures your endpoints will be correctly configured to report to the Windows Defender ATP service. > **Note**   To use GP updates to deploy the package, you must be on Windows Server 2008 R2 or later. The endpoints must be running Windows 10 TAP. -1. Open the GP configuration package .zip file (*WindowsATPOnboardingPackage.zip*) that you downloaded from the service onboarding wizard. You can also get the package from the [Windows Defender ATP portal](https://seville.windows.com): +1. Open the GP configuration package .zip file (*WindowsATPOnboardingPackage_GroupPolicy.zip*) that you downloaded from the service onboarding wizard. You can also get the package from the [Windows Defender ATP portal](https://seville.windows.com): a. Click **Client onboarding** on the **Navigation pane**. b. Select **GP**, click **Download package** and save the .zip file. -2. Extract the contents of the .zip file to a shared, read-only location that can be accessed by the endpoints. You should have a folder called _*OptionalParamsPolicy*_ and the file _*WindowsATPOnboardingPackage.cmd*_. +2. Extract the contents of the .zip file to a shared, read-only location that can be accessed by the endpoints. You should have a folder called *OptionalParamsPolicy* and the file *WindowsATPOnboardingScript.cmd*. 3. Open the [Group Policy Management Console](https://technet.microsoft.com/en-us/library/cc731212.aspx) (GPMC), right-click the Group Policy Object (GPO) you want to configure and click **Edit**. 
@@ -63,7 +59,7 @@ Using the GP configuration package ensures your endpoints will be correctly conf 7. Select **Run whether user is logged on or not** and check the **Run with highest privileges** check box. -8. Go to the **Actions** tab and click **New…** Ensure that **Start a program** is selected in the **Action** field. Enter the file name and location of the shared _*WindowsATPOnboardingPackage.cmd*_ file. +8. Go to the **Actions** tab and click **New...** Ensure that **Start a program** is selected in the **Action** field. Enter the file name and location of the shared *WindowsATPOnboardingScript.cmd* file. 9. Click **OK** and close any open GPMC windows. @@ -84,7 +80,7 @@ You can also manually onboard individual endpoints to Windows Defender ATP. You ![Window Start menu pointing to Run as administrator](images/run-as-admin.png) -3. Type the location of the script file. If you copied the file the +3. Type the location of the script file. If you copied the file to the desktop, type: *```%userprofile%\Desktop\WindowsATPOnboardingScript.cmd```* 4. Press the **Enter** key or click **OK**. diff --git a/windows/keep-secure/images/sccm-deployment.png b/windows/keep-secure/images/sccm-deployment.png index a72c7eca69..99d9b858d8 100644 Binary files a/windows/keep-secure/images/sccm-deployment.png and b/windows/keep-secure/images/sccm-deployment.png differ diff --git a/windows/keep-secure/minimum-requirements-windows-defender-advanced-threat-protection.md b/windows/keep-secure/minimum-requirements-windows-defender-advanced-threat-protection.md index 18d1ad3e3e..cb21dec085 100644 --- a/windows/keep-secure/minimum-requirements-windows-defender-advanced-threat-protection.md +++ b/windows/keep-secure/minimum-requirements-windows-defender-advanced-threat-protection.md 
@@ -58,8 +58,8 @@ disabled you can turn it on by following the instructions in the ### Deployment channel operating system requirements You can choose to onboard endpoints with a scheduled Group Policy -(GP) update (using a GP package that you -download from the portal or during the service onboarding wizard) or +(GP) or System Center Configuration Manager (SCCM) update (using a configuration package that you +download from the portal or during the service onboarding wizard), or by making manual registry changes. The following describes the minimum operating system or software version @@ -68,5 +68,6 @@ required for each deployment channel. Deployment channel | Minimum server requirements :---|:--- Group Policy settings | Windows Server 2008 R2 +System Center Configuration Manager | SCCM 2012 Manual registry modifications | No minimum requirements diff --git a/windows/keep-secure/monitor-onboarding-windows-defender-advanced-threat-protection.md b/windows/keep-secure/monitor-onboarding-windows-defender-advanced-threat-protection.md index e6475636ed..6b2f4ef554 100644 --- a/windows/keep-secure/monitor-onboarding-windows-defender-advanced-threat-protection.md +++ b/windows/keep-secure/monitor-onboarding-windows-defender-advanced-threat-protection.md @@ -9,7 +9,7 @@ ms.sitesec: library author: mjcaparas --- -# Monitor the Windows Defender Advanced Threat Protection onboarding +# Monitor Windows Defender Advanced Threat Protection onboarding **Applies to:** 
@@ -40,7 +40,7 @@ Monitoring with SCCM consists of two parts: 1. Confirming the configuration package has been correctly deployed and is running (or has successfully run) on the endpoints in your network. -[[[2. Checking that the endpoints are compliant with the Windows Defender ATP service (this ensures the endpoint can complete the onboarding process and can continue to report data to the service).]] +2. Checking that the endpoints are compliant with the Windows Defender ATP service (this ensures the endpoint can complete the onboarding process and can continue to report data to the service). **To confirm the configuration package has been correctly deployed:** 
@@ -48,47 +48,13 @@ Monitoring with SCCM consists of two parts: 2. Click **Overview** and then **Deployments**. -3. Click on the deployment with the package name. What is the name of the deployment, will it always be the same for every user/installation? - it's chosen by the user +3. Click on the deployment with the package name. 4. Review the status indicators under **Completion Statistics** and **Content Status**. If there are failed deployments (endpoints with **Error**, **Requirements Not Met**, or **Failed statuses**), you may need to troubleshoot the endpoints. See the [Troubleshoot Windows Defender Advanced Threat Protection onboarding issues](troubleshoot-onboarding-windows-defender-advanced-threat-protection.md) topic for more information. -Naama: Is this a correct process for idendtifying/resolving issues? YES! - -![image](images/sccm-deployment.png) - -[[**To check that your endpoints are compliant:** - -1. Get the *compliance.cab* file from the SCCM configuration package .zip file (*WindowsATPOnboardingPackage.zip*) that you downloaded during the service onboarding wizard. You can also get the package from the [Windows Defender ATP portal](https://seville.windows.com): - - 1. Click **Client onboarding** on the **Navigation pane**. - 2. Select **SCCM**, click **Download package** and save the .zip file. Iaan: Need to confirm the UI for this - 3. Extract the *compliance.cab* file from the package. - -2. In the SCCM console, click **Assets and Compliance** at the bottom of the navigation pane. - -3. Click **Overview** and then **Compliance Settings**. - -4. In the main area of the SCCM console, click **Configuration Baselines** and import the provided cab. Iaan: Need to confirm that 'import' is available/ UI is correct - -5. Right-click the imported baseline and deploy to a predefined device collection. Naama: Is this 'export' as in the screenshot, or is that showing something else? 
- - ![image](images/export-sccm.png) - - Iaan: Need to confirm this is what it looks like - -6. In the SCCM console, click **Monitoring** at the bottom of the navigation pane. - -7. Click **Overview** and then **Deployments**. - -8. Click the deployment with the package name Naama: What is the name of the deployment, will it always be the same for every user/installation? - -Naama: How does one know if there is an issue? - -If there are non-compliant endpoints (endpoints with ?????), you may need to troubleshoot the endpoints. See the [Troubleshoot Windows Defender ATP onboarding issues](troubleshoot-onboarding-windows-defender-advanced-threat-protection.md) topic for more information. - -Naama: Is this a correct process for resolving issues?]]] +![SCCM showing successful deployment with no errors](images/sccm-deployment.png) ## Related topics - [Windows Defender ATP service onboarding](service-onboarding-windows-defender-advanced-threat-protection.md)
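Review bot: In the first hunk of configure-endpoints-windows-defender-advanced-threat-protection.md (SCCM section), the internal note asking "what is the necessary privileges?" is deleted but the published steps still never say which permissions an administrator needs to import and deploy the package. If the two linked TechNet topics cover this, say so in step 3 or 4; otherwise add one sentence stating the required role. Separately, the new step 4 has a lone sub-step "a. Choose a predefined device collection to deploy the package to.", which reads like a truncated list; fold it into the step 4 sentence.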
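Review bot: In the second hunk of configure-endpoints-windows-defender-advanced-threat-protection.md (Group Policy step 8), the text only says to enter "the file name and location of the shared *WindowsATPOnboardingScript.cmd* file", while step 7 in the context sets **Run with highest privileges**. Because whatever sits at that path runs elevated on every endpoint the GPO applies to, step 8 should point back to the shared, read-only location from step 2 and ask for the full path to it. Also, "click **New...** Ensure" runs two sentences together; add a period or split the step.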
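Review bot: In the third hunk of configure-endpoints-windows-defender-advanced-threat-protection.md (manual onboarding step 3), the context line that follows the corrected sentence wraps a triple-backtick span in italics markers (the path %userprofile%\Desktop\WindowsATPOnboardingScript.cmd), which is likely to render with stray asterisks or a broken code span. Since this change already touches the step, put the path in a plain inline code span with no surrounding asterisks.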
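Review bot: In the first hunk of minimum-requirements-windows-defender-advanced-threat-protection.md, the new wording "a scheduled Group Policy (GP) or System Center Configuration Manager (SCCM) update" makes "scheduled" and "update" apply to SCCM as well, but the SCCM procedure in configure-endpoints describes importing and deploying a package, not a scheduled update. Reword so each channel has its own noun, for example "a scheduled Group Policy (GP) update, a System Center Configuration Manager (SCCM) package deployment, or manual registry changes", and keep the parenthetical about the configuration package attached to the first two.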
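Review bot: In the table hunk of minimum-requirements-windows-defender-advanced-threat-protection.md, the new row "System Center Configuration Manager | SCCM 2012" sits under the header "Minimum server requirements", yet the value is a product version rather than a server operating system like the "Windows Server 2008 R2" row above it. Either rename the column to match the intro sentence ("minimum operating system or software version") or state the requirement in the same terms as the other rows. The SCCM section in configure-endpoints also has no **Note** stating this minimum, unlike the Group Policy section; add one for parity.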
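Review bot: In the last hunk of monitor-onboarding-windows-defender-advanced-threat-protection.md, the whole "To check that your endpoints are compliant" procedure is removed, but the preceding hunk keeps (and un-brackets) list item 2, "Checking that the endpoints are compliant with the Windows Defender ATP service", under "Monitoring with SCCM consists of two parts". Readers are now promised a second part that the page no longer documents; either drop item 2 and reword the intro to a single part, or keep a short compliance procedure. In step 3, the deleted note says the deployment name is "chosen by the user", which is worth stating in the step itself so readers know what to look for. In step 4, "**Failed statuses**" puts "statuses" inside the bold; it should read "**Failed** statuses".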