diff --git a/.github/workflows/workflow.yml b/.github/workflows/workflow.yml
index 8a96a6d..2dffdd7 100644
--- a/.github/workflows/workflow.yml
+++ b/.github/workflows/workflow.yml
@@ -37,7 +37,6 @@ jobs:
 env:
 FLEET_URL: ${{ secrets.FLEET_URL }}
 FLEET_API_TOKEN: ${{ secrets.FLEET_API_TOKEN }}
- FLEET_SSO_METADATA: ${{ secrets.FLEET_SSO_METADATA }}
 FLEET_GLOBAL_ENROLL_SECRET: ${{ secrets.FLEET_GLOBAL_ENROLL_SECRET }}
 FLEET_WORKSTATIONS_ENROLL_SECRET: ${{ secrets.FLEET_WORKSTATIONS_ENROLL_SECRET }}
 FLEET_WORKSTATIONS_CANARY_ENROLL_SECRET: ${{ secrets.FLEET_WORKSTATIONS_CANARY_ENROLL_SECRET }}
diff --git a/README.md b/README.md
index 6e54496..ee0c23d 100644
--- a/README.md
+++ b/README.md
@@ -1,12 +1,8 @@
 # Fleet GitOps
 
-> #### 🚧 Fleet GitOps is currently in beta.
->
-> In Fleet 4.45, Fleet GitOps was released in beta. The Fleet team is currently [dogfooding](https://en.wikipedia.org/wiki/Eating_your_own_dog_food) and documenting the feature. You can track the progress [here](https://github.com/fleetdm/fleet/issues/17043).
+This is the starter repository for using [Fleet](https://fleetdm.com) with a GitOps workflow.
 
-This folder illustrates the best practice for using Fleet with a GitOps workflow.
-
-How to set up a GitOps workflow to manage Fleet:
+How to set up your GitOps workflow:
 
 1. Clone this repository.
 
@@ -16,19 +12,10 @@ How to set up a GitOps workflow to manage Fleet:
 
 4. Create your own GitHub repository.
 
-5. Add `FLEET_URL` and `FLEET_API_TOKEN` to your GitHub repository secrets.
-
-6. Update the `env` section of your [.github/workflows/workflow.yml](https://github.com/fleetdm/fleet-gitops/blob/main/.github/workflows/workflow.yml) file for all the environment variables that are mentioned in your `default.yml` and `teams/*.yml` YAML files. For the environment variables that map to secrets, add the required secrets to your GitHub repository secrets.
-
-7. Push your cloned and modified code to your repo.
+5. Add `FLEET_URL` and `FLEET_API_TOKEN` secrets to your new repository's secrets. Learn how [here](https://docs.github.com/en/actions/security-guides/using-secrets-in-github-actions#creating-secrets-for-a-repository). Set `FLEET_URL` to your Fleet instance's URL (ex. https://organization.fleet.com). Set `FLEET_API_TOKEN` to an API token for an API-only user in Fleet. Learn how [here](https://fleetdm.com/docs/using-fleet/fleetctl-cli#create-api-only-user).
 
-8. In GitHub, enable the `Apply latest configuration to Fleet` GitHub Actions workflow, and run workflow manually. Now, when anyone pushes a new commit, the action will run and update Fleet.
+6. Push your cloned and modified code to your repo.
 
-#### Structure:
+7. In GitHub, enable the `Apply latest configuration to Fleet` GitHub Actions workflow, and run workflow manually. Now, when anyone pushes a new commit, the action will run and update Fleet.
 
-- `lib/` - folder for policies, queries, configuration profiles, scripts, and agent options. These files can be referenced in top level keys in the `default.yml` file and the files in the `teams/` folder.
-- `default.yml` - file that defines the queries, policies, controls, and agent options for all hosts. If you're using Fleet Premium, this file updates queries and policies that run on all hosts ("All teams"). Controls and agent options are defined for hosts on "No team."
-- `teams/` - folder for teams in Fleet. These `*.yml` files define the controls, queries, policies, and agent options for hosts assigned to the specified team.
-- `.github/workflows/workflow.yml` - the GitHub workflow file that applies the latest configuration to Fleet.
-- `.github/gitops-action/action.yml` - the GitHub action that runs `gitops.sh`. This action is used in the GitHub workflow file. It can also be used in other workflows.
-- `gitops.sh` - the bash script that applies the latest configuration to Fleet by executing `fleetctl gitops`. This script is used in the GitHub action file. It can be run standalone during development.
+For all configuration options, go to [GitOps reference](https://fleetdm.com/using-fleet/gitops) in the Fleet documentation.
diff --git a/default.yml b/default.yml
index 9fca90a..25c6464 100644
--- a/default.yml
+++ b/default.yml
@@ -1,58 +1,16 @@
-# For Fleet Free, this file updates queries, policies, controls, and agent options for all hosts.
+# For Fleet Free, this file updates policies, queries, agent_options, and controls for all hosts.
 
-# For Fleet Premium, the default.yml file updates queries and policies that run on all hosts ("All teams"). Controls and agent options are updated for hosts on "No team."
+# For Fleet Premium, the default.yml file updates policies and queries that run on all hosts ("All teams"). Controls and agent options are updated for hosts on "No team."
 
-controls: # Controls added to "No team"
- macos_settings:
- custom_settings:
- - path: ./lib/macos-password.mobileconfig
- # - path: ../lib/macos-os-updates.ddm.json (DDM coming soon)
- windows_enabled_and_configured: true
- windows_settings:
- custom_settings:
- - path: ./lib/windows-screenlock.xml
- scripts:
- - path: ./lib/collect-fleetd-logs.sh
-queries:
- - path: ./lib/collect-fleetd-update-channels.queries.yml
 policies:
+queries:
 agent_options:
 path: ./lib/agent-options.yml
+controls:
 org_settings:
 server_settings:
- debug_host_ids:
- - 1
- - 3
- enable_analytics: true
- live_query_disabled: false
- query_reports_disabled: false
- scripts_disabled: false
- server_url: https://dogfood.fleetdm.com
+ server_url: $FLEET_URL
 org_info:
- contact_url: https://fleetdm.com/company/contact
- org_logo_url: ""
- org_logo_url_light_background: ""
- org_name: Fleet Device Management
- smtp_settings:
- sso_settings:
- enable_jit_provisioning: false
- enable_jit_role_sync: false
- enable_sso: true
- enable_sso_idp_login: false
- idp_name: Google Workspace
- entity_id: dogfood.fleetdm.com
- metadata: $FLEET_SSO_METADATA
- integrations:
- mdm:
- apple_bm_default_team:
- webhook_settings:
- vulnerabilities_webhook:
- enable_vulnerabilities_webhook: true
- destination_url: https://example.tines.com/webhook
- fleet_desktop: # Applies to Fleet Premium only
- transparency_url: https://fleetdm.com/transparency
- host_expiry_settings: # Applies to all teams
- host_expiry_enabled: false
- features: # Features added to all teams
- secrets: # These secrets are used to enroll hosts to the "All teams" team
+ org_name: Fleet
+ secrets:
 - secret: "$FLEET_GLOBAL_ENROLL_SECRET"
diff --git a/teams/workstations-canary.yml b/teams/workstations-canary.yml
index d5cdf81..3b62539 100644
--- a/teams/workstations-canary.yml
+++ b/teams/workstations-canary.yml
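Review bot: On the new side of default.yml, `policies:`, `queries:` and `controls:` are left as bare keys, which YAML parses as null rather than an empty list or mapping; if fleetctl gitops does not treat null as "nothing to apply", that is either a silent no-op or a validation error, so spell the intent out as `policies: []`, `queries: []` and `controls: {}` (or add a comment saying the empty value is deliberate). The new `server_url: $FLEET_URL` is also unquoted while the sibling `secret: "$FLEET_GLOBAL_ENROLL_SECRET"` is quoted; writing `server_url: "$FLEET_URL"` keeps the two env-var references consistent and, if the substitution happens on the raw text before parsing, keeps an empty or odd-looking expansion from being retyped by the YAML parser. The same unquoted-vs-quoted split does not appear in the team files, which quote their secret, so this is the only place to fix it.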
@@ -1,46 +1,23 @@
-# Only available in Fleet Premium.
+# Teams are available in Fleet Premium.
 
-#This file updates controls, queries, policies, and agent options for assigned to the "Workstations (canary)" team.
+# This file updates controls, queries, policies, and agent options for assigned to the "Workstations (canary)" team.
 
-# To create and update another team, create another file in the teams/ directory and copy and paste the contents from this file.
+# To add another team, create a new file in the teams/ directory and copy and paste the contents from this file.
 
 name: Workstations (canary)
-controls:
- enable_disk_encryption: true
- macos_updates:
- deadline: "2023-08-11"
- minimum_version: "13.5"
- windows_updates:
- deadline_days: 5
- grace_period_days: 2
- macos_settings:
- custom_settings:
- # - path: ../lib/macos-os-updates.ddm.json (DDM coming soon)
- - path: ../lib/macos-password.mobileconfig
- windows_settings:
- custom_settings:
- - path: ../lib/windows-screenlock.xml
- macos_setup:
- # bootstrap_package: https://github.com/organinzation/repository/bootstrap-package.pkg (Example URL)
- # enable_end_user_authentication: true
- macos_setup_assistant: ../lib/automatic-enrollment.dep.json
- scripts:
- - path: ../lib/remove-zoom-artifacts.script.sh
- - path: ../lib/set-timezone.script.sh
-queries:
- - path: ../lib/collect-usb-devices.queries.yml
- - path: ../lib/collect-failed-login-attempts.queries.yml
- - name: Collect fleetd update channels
- description: "Collects the update channels for all fleetd components: osquery, Orbit, and Fleet Desktop. To see which version number each channel is on, ask in #help-engineering."
- query: SELECT desktop_channel, orbit_channel, osqueryd_channel FROM orbit_info;
- interval: 300
- observer_can_run: true
- automations_enabled: false
 policies:
 - path: ../lib/macos-device-health.policies.yml
 - path: ../lib/windows-device-health.policies.yml
+ - path: ../lib/linux-device-health.policies.yml
+queries:
+ - path: ../lib/collect-usb-devices.queries.yml
+ - path: ../lib/collect-failed-login-attempts.queries.yml
 agent_options:
 path: ../lib/agent-options.yml
+controls:
+ scripts:
+ - path: ../lib/remove-zoom-artifacts.script.sh
+ - path: ../lib/set-timezone.script.sh
 team_settings:
 secrets:
 - secret: "$FLEET_WORKSTATIONS_CANARY_ENROLL_SECRET"
diff --git a/teams/workstations.yml b/teams/workstations.yml
index 306ff55..5070e39 100644
--- a/teams/workstations.yml
+++ b/teams/workstations.yml
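Review bot: The new header comment `# This file updates controls, queries, policies, and agent options for assigned to the "Workstations (canary)" team.` still reads "for assigned to" — the word "hosts" is missing — and the same slip survives in the teams/workstations.yml hunk. The canary comment also keeps the old key order while the file's top-level keys (and the workstations.yml comment) were reordered to policies, queries, agent options, controls, and its first line now says `# Teams are available in Fleet Premium.` where workstations.yml still says `# Only available in Fleet Premium.`; since users are told to copy this file for new teams, aligning both files on `# This file updates policies, queries, agent options, and controls for hosts assigned to the "Workstations (canary)" team.` avoids propagating the inconsistency. The added `- path: ../lib/linux-device-health.policies.yml` references a file that does not appear in this diff; presumably it already exists in lib/ or is added elsewhere in the commit, but it is worth confirming since a missing path would make the apply fail for both teams.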
@@ -1,40 +1,23 @@
 # Only available in Fleet Premium.
 
-#This file updates controls, queries, policies, and agent options for assigned to the "Workstations" team.
+# This file updates policies, queries, agent options, and controls for assigned to the "Workstations" team.
 
-# To create and update another team, create another file in the teams/ directory and copy and paste the contents from this file.
+# To add another team, create a new file in the teams/ directory and copy and paste the contents from this file.
 
 name: Workstations
-controls:
- enable_disk_encryption: true
- macos_updates:
- deadline: "2023-08-11"
- minimum_version: "13.5"
- windows_updates:
- deadline_days: 5
- grace_period_days: 2
- macos_settings:
- custom_settings:
- # - path: ../lib/macos-os-updates.ddm.json (DDM coming soon)
- - path: ../lib/macos-password.mobileconfig
- windows_settings:
- custom_settings:
- - path: ../lib/windows-screenlock.xml
- macos_setup:
- # bootstrap_package: https://github.com/organinzation/repository/bootstrap-package.pkg (example URL)
- # enable_end_user_authentication: true
- macos_setup_assistant: ../lib/automatic-enrollment.dep.json
- scripts:
- - path: ../lib/remove-zoom-artifacts.script.sh
- - path: ../lib/set-timezone.script.sh
-queries:
- - path: ../lib/collect-usb-devices.queries.yml
- - path: ../lib/collect-failed-login-attempts.queries.yml
 policies:
 - path: ../lib/macos-device-health.policies.yml
 - path: ../lib/windows-device-health.policies.yml
+ - path: ../lib/linux-device-health.policies.yml
+queries:
+ - path: ../lib/collect-usb-devices.queries.yml
+ - path: ../lib/collect-failed-login-attempts.queries.yml
 agent_options:
 path: ../lib/agent-options.yml
+controls:
+ scripts:
+ - path: ../lib/remove-zoom-artifacts.script.sh
+ - path: ../lib/set-timezone.script.sh
 team_settings:
 secrets:
 - secret: "$FLEET_WORKSTATIONS_ENROLL_SECRET"