diff --git a/windows/security/threat-protection/microsoft-defender-atp/deployment-phases.md b/windows/security/threat-protection/microsoft-defender-atp/deployment-phases.md
index 147eb07fb2..98afe5e640 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/deployment-phases.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/deployment-phases.md
@@ -41,6 +41,27 @@ There are three phases in deploying Microsoft Defender ATP:
There are several methods you can use to onboard to the service. For information on other ways to onboard, see [Onboard devices to Microsoft Defender ATP](onboard-configure.md).
+## Deploy Microsoft Defender ATP in rings
+
+Deploying Microsoft Defender ATP can be done using a ring-based deployment approach.
+
+A ring-based approach is a method of identifying a set of machines to onboard with specific timelines and verifying that certain criteria are met before the deploying to a larger set of devices.
+
+Adopting a ring-based deployment helps reduce potential issues or conflicts that could arise while rolling the service out. By piloting a certain number of devices first, you can identify potential issues and mitigate potential risks that might arise.
+
+
+Table 1 provides an example of the deployment rings you might use.
+
+**Table 1**
+
+|**Deployment ring**|**Description**|
+|:-----|:-----|
+Pilot and deployment planning | Phase 1: Identify 50 systems for pilot testing - Focus on the security team, IT team and maybe Helpdesk
+Full scale pilot | Phase 2: 100 systems
Phase 3: 150 systems
Phase 4: 500 systems
Phase 5: 1000 systems
Review and assess if there required tweaks to deployment.
+Full deployment | Roll out service to the rest of environment in larger increments.
+
+
+
## In Scope
The following is in scope for this deployment guide:
diff --git a/windows/security/threat-protection/microsoft-defender-atp/deployment-rings.md b/windows/security/threat-protection/microsoft-defender-atp/deployment-rings.md
new file mode 100644
index 0000000000..e69de29bb2